Types of data we collect

We require minimal personal data from you to provide our service to you. When you use the App, you may provide us with the following personal data, and we may collect and process such personal data in accordance with this Privacy Policy and for the following purposes:

Contact details

This includes your name, email address and any other contact details you may choose to provide to us.

Financial information

We do not collect your financial information. Any financial information you provide is to Apple, Google or Stripe.

Data that identifies you

Your IP address, login information, browser type and version, time zone setting, browser plug-in types, geolocation information about where you might be, operating system and version.

Data on how you use Clementine

Your App usage and URL clickstreams (the path you take through our App), products/services viewed, page response times, download errors, how long you stay on our pages, what you do on those pages, how often, and other actions.

Survey data

This includes any additional information you may choose to give us as part of a survey we conduct to analyse trends and develop new content.

Location data

This includes your precise and approximate geo-location which is collected by Apple/Google from the device you use to access the App.

Usage data

We may process data regarding your use of the App, including average time spent in the App, any problems reported, what is accessed on the App and frequency of logins. This helps us optimize performance and improve the App.

Marketing and communications data

Includes your preferences in receiving marketing from us and your communication preferences.

Aggregate data

We also collect, use and share aggregated data such as statistical or demographic data for any purpose. Aggregated data could be derived from your personal data but is not considered personal data in law as this data will not directly or indirectly reveal your identity. For example, we may aggregate your usage data to calculate the percentage of users accessing a specific App feature. However, if we combine or connect aggregated data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this Privacy Policy.

How and why we use your data

Data protection law means that we can only use your data for certain reasons and where we have a legal basis to do so. We will not process your personal data for any other reason without your consent or informing you of any other lawful basis for doing so. Here are the reasons for which we process your data:

Create your Account

To set up your account to enable you to use Clementine.

Legal basis for data usage: contract

Keeping Clementine running

• Managing your requests, login and authentication.

• Remembering your settings, processing payments, hosting and back-end infrastructure.

• To contact you if there are any problems with the App and to inform you of any changes we make to the App, its Terms or this Privacy Policy.

• To prevent fraud, to keep users safe, to answer any queries or propose solutions to any problems users are having with the App.

Legal basis for data usage: legitimate interests

Improving Clementine

Testing features, interacting with feedback platforms and questionnaires, managing landing pages, traffic optimization and data analysis and research, including profiling and other techniques over your data and in some cases using third parties to do this.

To let you know of any new sessions or general updates about Clementine, and if relevant, to contact you about and allow your participation in beta testing of any new versions of the App or new functionality.

Legal basis for this data usage: contract/legitimate interests

Customer support

Notifying you of any changes to our service, solving issues via email including any bug fixing.

Legal basis for this data usage: to fulfil our contract with you

Marketing purposes (with your consent)

Sending you emails and messages about new features, products and services, content and communication preferences.

Legal basis for this data usage: consent

Your privacy choices and rights

Your choices

You can choose not to provide us with personal data

In accordance with the data minimisation principle, your basic personal data is required to create an account on the Clementine App. If you choose not to provide these basic personal details then you will be unable to view our App or browse its contents.

You can turn off cookies in your browser by changing its setting

We use cookies. Unless you adjust your browser settings to refuse cookies, we (and these third parties) will issue cookies when you interact with Clementine with your consent. These may be ‘session’ cookies, meaning they delete themselves when you leave Clementine, or ‘persistent’ cookies which do not delete themselves and help us recognise you when you return so we can provide a tailored service.

Some of our third party service providers may place third party cookies on your device that are necessary in order to help with the proper functioning of our service, such as storing and remembering your log-in details and automatically reporting any bugs or other issues with the App.

We would also like to place tracking cookies on your device for the purpose of user attribution (to see how our users came to the Clementine App). This could include which advertisements were clicked on via a social media marketing campaign. We will always obtain your consent before placing these cookies.

For information about the cookies that we use please read our Cookies Policy available here: https://clementineapp.com/cookie-policy

You can block cookies by activating a setting on your browser allowing you to refuse cookies. You can also delete cookies through your browser settings. If you turn off cookies, you should be able to continue to use the website and browse its pages.

You can ask us not to use your data for marketing

We will inform you (before collecting your data) if we intend to use your data for marketing and if third parties are involved. You can opt out from marketing by emailing us at help@clementineapp.co.uk or by clicking the 'unsubscribe' button at the bottom of any marketing email.

You can consent/opt-in to sharing your data to third parties

Apple HealthKit

If you consent/opt-in, we can share ‘mindful minutes’ data with Apple HealthKit showing how long you spend using the Clementine App (please note, we do not ask to receive or read any of your health data stored on the Apple HealthKit).

You should review Apple's privacy notice and other applicable policies as any information that we share with Apple HealthKit will become subject to Apple's privacy notice and procedures. We are not responsible for who Apple may share your personal data with.

Your rights

You can exercise your rights by sending us an email at dpo@clementineapp.co.uk.

We will aim to respond to any request from an individual seeking to exercise their rights within one month of receipt of any request.

You have the right to access information we hold about you

This includes the right to ask us supplementary information about:

• the categories of data we’re processing

• the purposes of data processing

• the categories of third parties to whom the data may be disclosed

• how long the data will be stored (or the criteria used to determine that period)

• your other rights regarding our use of your data

We will provide you with the information within one month of your request, unless doing so would adversely affect the rights and freedoms of others (e.g. another person’s confidentiality or intellectual property rights). We’ll tell you if we can’t meet your request for that reason.

You have the right to make us correct any inaccurate personal data about you

You can ensure the personal data we hold about you is correct by viewing your Clementine account. If data is incorrect then please correct it or send us an email to correct it at help@clementineapp.co.uk

You can object to us using your data for profiling you or making automated decisions about you

We may use your data to determine whether we should let you know information that might be relevant to you (for example, tailoring emails to you based on your behaviour). Otherwise, the only circumstances in which we will do this is to provide the Clementine service to you.

You have the right to port your data to another service

We can provide a copy of your data to another service in commonly used digital format. We will not do so to the extent that this involves disclosing data about another individual.

You may have the right to be 'forgotten' by us

You can do this by asking us to erase any personal data we hold about you, if it is no longer necessary for us to hold the data for purposes of your use of Clementine.

You have the right to lodge a complaint regarding our use of your data

Please tell us first, so we have a chance to address your concerns. If we fail in this, you can address any complaint to the UK Information Commissioner’s Office, either by calling their helpline or as directed on their website at www.ico.org.uk.

How secure is the data we collect?

We have physical, electronic, and managerial procedures to safeguard and secure the information we collect.

And please remember:

• You provide personal data at your own risk: unfortunately, no data transmission is guaranteed to be 100% secure.

• You are responsible for your username and password: keep them secret and safe!

• If you believe your privacy has been breached, please contact us immediately on dpo@clementineapp.co.uk.

• Our App may contain links to our website and third party websites and apps. If you follow a link to a third party website or app, please note that this Privacy Policy does not apply to that website or app. We are not responsible or liable for the privacy policies or practices of any third party websites or apps, so check their policies before you submit any personal data to those websites.

Where do we store the data?

The personal data we collect is stored and processed on the cloud. These cloud services are required to operate and run our App. These services are operated by the third parties identified below.

By submitting your personal data and using our App you agree to this transfer, storing or processing by us. If we transfer or store your information outside the UK/EEA we will take steps to ensure that your privacy rights continue to be protected. While in storage your personal data is encrypted, and only accessible by authorised individuals using two factor authentication. Other measures are set out in this Privacy Policy.

How long do we store your data?

We will delete your personal data from our system 6 years from the last time you used Clementine. This is in accordance with our legal obligation to retain such data. For example auditing or tax purposes.

Third parties who process your data

Tech businesses use and often need third parties to help them host their application, communicate with customers, provide analytics services or power their emails etc. We partner with third parties who we believe are the best in their field at what they do.

When we do this, sometimes it is necessary for us to share your data with them in order to get these services to work well. Your data is shared only when strictly necessary and according to the safeguards and good practices detailed in this Privacy Policy. Where personal data is transferred to a third party in the USA, or other third party outside the UK/EEA,  we take steps to ensure we agree standard contractual clauses (SCC’s) with them, as well as ensuring there are additional safeguards in place to protect your data. We deliberately only store limited personal data (name and email address).

Transfers under an exception

In the absence of SCC’s or appropriate safeguards, we may transfer personal data to a third country or international organisation where an exception applies under relevant data protection law, e.g:

• You have explicitly consented to the proposed transfer after having been informed of the possible risks (for example upon registration);

• The transfer is necessary for the performance of a contract between us or to take pre-contract measures at your request;

• The transfer is necessary for a contract in your interests, between us and another person; or

• The transfer is necessary to establish, exercise or defend legal claims.

We may also transfer information for the purpose of our compelling legitimate interests, so long as those interests are not overridden by your interests, rights and freedoms. Specific conditions apply to such transfers and we will provide relevant information if and when we seek to transfer your personal data on this ground.

Our third party processors

Here are the details of our main third-party service providers, and what data they collect or we share with them, where they store the data and why they need it:

Infrastructure

Analytics

Children’s data

The Clementine service is for individuals over the age of 13. Clementine do not knowingly collect the personal data of individuals under 13 years of age. If a user becomes aware that someone under 13 has registered for an account with us then they are asked to contact us urgently by email - dpo@clementineapp.co.uk.

Comments and changes

If you have any questions, comments and requests about this Privacy Policy or your personal data, please contact us at dpo@clementineapp.co.uk.

Please keep us informed of any changes to your personal data at any time by updating your details in the App.

Any changes we may make to this Privacy Policy in the future will be displayed within the App and, where appropriate, notified to you by email. Please check back regularly to keep informed of updates or changes to this Privacy Policy.