- our website, www.fika.community (the “Site”);
- our “Fika” mobile apps or our web app app.fika.community (the “Apps” or any one of them an “App”);
- our Fika reporting dashboard (the “Dashboard”);
- our Fika mental fitness research studies which may take place separately from the Site, Dashboard or Apps (the “Fika Studies”);
- or participation in, our training, workbooks or courses whether face-to-face (non-digital interactions) or via materials, Apps, Dashboard or Site (“Fika Training”);
- the Apps, Fika Studies and Fika Training in the context of face-to-face interactions between Fika users; and
- through your attendance at Fika Community events.
Fika is owned and operated by Fika Community Limited, a company registered in England and Wales under number 11114186 with its registered office at Challenge House, Sherwood Drive, Bletchley, Milton Keynes MK3 6DP (“we”, “our”, and “us”). For the purpose of data protection laws, Fika Community Limited is your data controller and is registered with the Information Commissioner’s Office (ICO) under Registration Number ZA498380.
Information we may collect from you
We may collect and process the following data about you:
- Identity Data: The identity and contact details you give us when you register to use Fika, when you report a problem with or have a question about Fika, if you agree to participate in one of our Fika Studies, if you participate in any Fika Training, when contacting us to discuss your or your organisation’s use of or interest in using Fika, or in relation to your attendance at a Fika Community event. The basic information that you must give us in order to open and access a Fika account on the Apps or Site is your email address and age consent (over 16). However, we may sometimes collect additional information from you such as your name, office address, postcode, phone number, date of birth or year of birth, department of work, business function, specifics about your role (i.e. job title), university year of study, student ID number, subject of study and year of graduation, and any other information provided by you on registration.
- Location Data: We may collect the IP address that you use to connect to the Apps or Site, and (where activated and you have agreed to this on your mobile device) your location information from your mobile device. Please see our Cookies Policy for further information. Certain functions on the Apps may make use of location data sent from your device to provide and improve location-based products and services. You can turn off this functionality at any time by turning off the location services settings for Fika on the device.
- Profile and Usage Data: This includes information about how you use Fika such as your Fika topics, goals, interests, preferences, feedback, survey responses, workbook responses, Fika exercises selected and completed, purchase history, duration of use, frequency of use, profile building, image choices and desired outcomes e.g. 'finding my strengths' or 'developing resilience'. Usage data may be collected by cookies and tracking technology. Please see our Cookies Policy for further information.
- Your Content: The Apps and Fika Training offer features which allows you to input and store your notes in a journal (“Notes Content”). As additional features are introduced to Fika, you may also be able to input other user generated content (such as pledges or information about your activity) to enable you to interact with or share your activity with other Fika users (“User Generated Content”).
- Feedback Data: If you contact us to provide feedback or with any queries, or if you provide feedback to us during the course of one of our Fika Studies, we may keep a record of that correspondence.
- Device Data: With regard to your use of the App(s) or Site we may collect information about your mobile device, including, where available, your device ID, and operating system, for system administration and to analyse statistical data about our users’ actions and patterns. Device Data may be collected by cookies. Please see our Cookies Policy for further information.
- Marketing and communications data: This includes your preferences for receiving marketing from us.
If you attend a Fika Community event or face-to-face Fika Training, the personal information we hold about you includes the information listed above, as well as any dietary requirements or information regarding accessibility that you may provide to us. We may also photograph and/or film Fika Community events. Attendees may be requested to sign an image release form, in relation to our use of your image.
Information about others
If you submit personal information on behalf of another person, for example (without limitation) if you:
- add a contact or refer a friend, colleague or family member via email, the App(s) or Dashboard;
- provide us with personal information of individuals within your university or educational institution where you study or graduated from, or your employer (e.g. your line manager or your employees) or other organisation of which you are a member (“Community”) who have not engaged directly with us via the App(s) or Site, or
- provide us with contact details of staff or other individuals in your Community so that we can give them admin access to the Dashboard and/or register them with Fika;
A note about your health and other sensitive information
Where we process other special category data, data protection law requires that we satisfy certain additional conditions. Special category data can include information such as data concerning your health, ethnicity, political opinions or sexual orientation. We will only process your special category data with your explicit consent.
If you choose to add Content that includes information about your mental health and/or physical health and/or wellbeing, or any other sensitive information about you (for example, in your Notes Content) we will collect and store this Content on the basis that you provided your explicit consent for us to do so when accessing the relevant features of the App(s), by means of a separate opt-in option. If you do not provide this explicit consent or if you withdraw your explicit consent at any time then you may not be able to continue to use the relevant feature of the App(s).
If you provide us with other special category data for the purpose of a Fika Community event or a face-to-face Fika Training (for example, when hosting events we may be required to process special category data such as any dietary requirements or information regarding accessibility) we will only do so with your explicit consent.
Uses made of the information
We use information held about you in the following ways:
For the provision of the Apps, the Site, the Dashboard and the services available from them to you and to provide you with the information, products and services that you request from us through the Apps or Site together with customer support. Our legal basis for using your information in this manner is the performance of the contract that we are about to enter, or have already entered, into with you.
To manage and run Fika Studies in which you are involved. Our use of your identity data for these purposes is on the basis of your consent (which may have been given to us or to your Community Organisation).
To organise, run and invite you to Fika Community events.
To manage and run Fika Training in which you are involved. We may also provide you with a certificate with your name on it. Our legal basis for the use of your identity data for these purposes is the performance of the contract that we have entered into with you or our legitimate interest if you have participated in any Fika Training.
To notify you about new Fika products, services or features which are available to you, changes to Fika features or services or tips on how to use Fika by sending emails or push notifications to you. You can opt out of receiving these communications from us by updating your communications preferences in the App, or by clicking on the unsubscribe link in any email that we send to you.
Your Notes Content is collected and stored so that we can provide the Notes function on the Apps to you. We will not use it for any other purposes. We do not monitor, review or analyse data that is stored in a Notes or journal. You can delete your entries at any time.
Any User Generated Content (excluding your Notes Content) which you input to enable you to interact with other Fika users is collected and stored, so that we can provide the relevant features to you.
If you choose to share any of your User Generated Content with others in the Community or outside your Community (e.g. your family, friends, colleagues or the entire community of Fika users), you will have control over what to share or what not to share. Please note that once you have shared User Generated Content with others, it may not be possible for us to remove that content.
Profile and Usage Data
Collecting and profiling your Profile and Usage Data, to improve your user experience. Our legal basis for using your information in this manner is the performance of the contract that we have entered into with you.
Ensuring that content from the App(s), Dashboard or Site is presented in the most effective manner for you and for your device. Our legal basis for using your information in this manner is the performance of the contract that we are about to enter, or have already entered, into with you.
Suggesting content and activities for you to try on Fika based on your previous uses of Fika, either through push notifications to your device, or emails sent to your registered email address. Our legal basis for using your information in this manner is consent where legally required or the performance of a contract that we have entered into with you.
Feedback Data, Device Data and Profile & Usage Data
Asking you to provide feedback, leave a review or take a survey. Our legal basis for using your information in this manner is that it is necessary for our legitimate interests of studying how customers view and use our products and services for the purpose of our future development of Fika, and of managing and moderating member access to the App(s) or Site.
Ensuring that content from the App(s), Site and/or Dashboard is presented in the most effective manner for you and for your device. Our legal basis for using your information in this manner is the performance of the contract that we are about to enter, or have already entered, into with you.
To administer the App(s), Dashboard and Site and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes and as part of our efforts to keep the App(s), Dashboard and Site safe and secure. Our legal basis for using your information in this manner is that it is necessary for our legitimate interests of studying how customers view and use our products and services and of further developing the App(s), our services and our marketing strategy and/or for the performance of the contract that we are about to enter, or have already entered, into with you.
Marketing and Communications Data
Communications Data. Notifying you about new Fika products, services or features that are available to you, changes to Fika features or services or tips on how to use Fika by sending emails or push notifications to you. Organizing, running and inviting you to Fika Community events.
Marketing. Where you (i) contact us on behalf of an organisation; (ii) are an individual who has requested information from us; or (iii) have consented to us using your personal data for marketing purposes, we may use your information to send you updates and news concerning Fika, which we feel may be of interest to you. If at any time you wish us to stop using your information for these purposes, please notify us using the contact information set out above. We will never send communications to you that market, or advertise within the App the products or services of another company, and we will never allow anyone else to use your information for marketing their products and services to you.
Managing Your Preferences. You can choose to stop receiving communications and marketing from us by email at any time by emailing us or by clicking on the unsubscribe link in any email that we send to you. You can manage push notifications in the settings in the App or in your device settings.
Information we collect about you from third parties.
Information received from your Community
We may use the Identity Data received from your Community or your employer, organisation with whom you work and/or the institution or university at which you study (“Community Organisation”):
- if your right to access Fika results from an agreement between us and your Community Organisation including for the purpose of registering you with Fika;
- if your right to access Fika is in conjunction with a Fika development or one of our research studies entered into between us and your Community, the Community Organisation may share your name and contact details with us (if you have given them permission to do so), for the purpose of our agreement with them or your involvement in the research study;
- in order to liaise with you about the proposed agreement between us and your Community Organisation, or your intended use of Fika;
- if you participate in any face-to-face Fika Training; or
- if you are to be appointed as an admin user for a Dashboard.
Our legal basis for using your information in this manner is that it is necessary for our legitimate interests of developing our business, Fika and the App(s), or for the performance of the contract that we are about to enter, or have already entered, into with you or your Community Organisation.
Information received from other sources
We may also receive contact information about you from other Fika users (e.g. if they add you as a contact, colleague or refer you as a friend or family member via the App or for you to become an admin user of the Dashboard).
To deliver the Fika service and to support the App, we use a number of Google owned services (Google Compute Engine (and the suite of tools provided within it), Google Firebase, Hosting, Analytics, AdSense, Ads). These third party services collect the following information automatically about you when you access and use the App: age category (18-24, 25-34, 35-44, 45-54, 55-64, and 65+), the store from which you downloaded and installed the App, the App version being used, the country in which you live, the brand name, category and model name of your device (e.g., Motorola or LG, mobile or tablet, iPhone 5s or SM-J500M), the time at which you first opened the App, when you start a new session in the App and the duration of the session, your gender, interests, the language setting of your device OS, whether you are a new or established App user, and your OS version. We also collect information about when you refresh or close the App, when you install updates and App performance data such as crashes or timeouts. Google Firebase will share this information with us as part of an analytics console (Google Analytics for Firebase).
From Google Analytics, Google Ads and AdSense, Google Play Console and Apple AppStore Connect, we collect the following information regarding how you found and interact with our marketing campaigns, Site or App: the browser, the type of content you interacted with and the device you used, the version of the App downloaded, your postcode and the App Store used. From providers such as SendInBlue we collect the following information on how you interact with emails we may send you: which emails you open, the time and day of opening, device used and how you interact with any content included within the email.
From Google Firebase Cloud Messaging we collect the following information: how you interact with push notifications sent via the App, including how it is received, if you dismiss or click the notification and the time of interaction.
We will use the information received from our third party service providers such as Google, Apple and SendInBlue (as further details above) through their analytics dashboards:
- To ensure that content from the App(s), Dashboard and Site is presented in the most effective manner for you and for your device. Our legal basis for using your information in this manner is the performance of the contract that we are about to enter, or have already entered, into with you.
- For analysis and statistical purposes. Our legal basis for using your information in this manner is that it is necessary for our legitimate interests of studying how customers view and use our products and services and of further developing Fika, our services and our marketing strategy.
- To administer the App(s), Dashboard and Site and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes and as part of our efforts to keep the App(s), Dashboard and Site safe and secure. Our legal basis for using your information in this manner is that it is necessary for our legitimate interests of studying how customers view and use our products and services and of further developing the App(s), our services and our marketing strategy and/or for the performance of the contract that we are about to enter, or have already entered, into with you.
We also use Google Firebase and the suite of tools provided within it to support the Fika App(s). The legal basis for the use of Google Firebase is our legitimate interest in maintaining our App(s) to deliver the Service, keep it stable, evaluate its performance and improve the user experience.
We may also receive or collect your personal information from publicly available sources, for example, LinkedIn. Our legal basis for the use of personal information from publicly available sources is our legitimate interest to know our customers and for business development.
Disclosure of your information
We will share your personal information with our service providers from time to time who act as processors based in the United Kingdom, European Union and United States. The table below sets out a non-exhaustive list (which we may update or supplement from time to time) of our service providers and the scope of the services that they provide to us. Some of our service providers may use further sub-processors and for full details, please see their respective privacy policies.
Your Community Organisation
We may also disclose limited personal information to your Community Organisation. If your access to Fika is as a result of a contract we have between us and your Community Organisation, we may disclose the fact that you have registered with Fika and the Fika courses that you have or have not completed. We will never disclose any details of your Notes Content or any responses, results, entries, recommendations or contents from the courses you complete.
Other potential disclosures
We may also disclose your personal information to third parties:
- In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets.
- If Fika or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets.
- If we are under a duty to disclose or share your personal data in order to comply with any legal, regulatory or tax obligation.
- If you are an admin on the Dashboard your contact details will be available to other admins in your Community via the Dashboard.
We do not sell your personal information to others and if we wish to use your personal information for a purpose beyond that for which it was originally provided, we will ask for your consent or seek to rely on another valid legal ground to process your personal information in accordance with the applicable law.
Fika provides hyperlinks to websites owned and controlled by others. Fika is not responsible for the privacy practices of any website that it does not own or otherwise control and you should read the privacy policies of websites owned and controlled by others before deciding whether to proceed.
How long your personal information will be kept
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
Details of retention periods for different aspects of your personal data are available in our retention policy, which you can request from us by contacting us at email@example.com.
In some circumstances we may anonymise or obfuscated your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
You can close your account at any time by using the ‘Delete your account’ button in the settings area of the Fika mobile App or by emailing firstname.lastname@example.org from the email address registered to your account. We will also close your account automatically if it remains inactive for three years. When your account is closed, all content added by you will be deleted, anonymised or obfuscated. However, a log of your e-mail (user ID) will be retained for a maximum of one year.
Storage of your personal data
We aim to store most of our data in the United Kingdom (UK) and European Economic Area (EEA), which is where many of our service providers and data storage locations are situated. However, we do have to use some service providers who are based outside the EEA and UK. In these circumstances, your personal data may be transferred outside the EEA and UK, for example to the United States (US).
If we transfer any of your personal data out of the EEA and UK we will, as required by applicable law, ensure that your privacy rights are adequately protected and that a similar degree of protection is afforded to your personal data by ensuring at least one of the following safeguards is implemented:
- We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data under applicable data protection law.
- Where we use certain service providers, we may use specific contracts approved by the regulator, which give personal data the same protection it has in the EEA or UK, as applicable.
- We will undertake a Data Transfer Assessment (or equivalent due diligence and risk assessment) as is required by applicable law.
We carefully choose the partners we select to make sure that your privacy rights are adequately protected. Please contact our Privacy Manager if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA and UK.
Where we have given you (or where you have chosen) a password which enables you to access certain parts of the App(s), Dashboard or Site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to the App(s) or Site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
Under data protection laws, you have a number of important rights free of charge. In summary, those include rights to:
- require us to correct any mistakes in your information which we hold
- require the erasure of personal information (also known as ‘the right to be forgotten’) concerning you in certain situations
- receive the personal information concerning you which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to a third party in certain situations
- object at any time to processing of personal information concerning you for direct marketing
- object to decisions being taken by automated means which produce legal effects concerning you or similarly significantly affect you
- object in certain other situations to our continued processing of your personal information
- otherwise restrict our processing of your personal information in certain circumstances
You can withdraw your consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
If you would like to exercise any of those rights, please contact our Privacy Manager as below. When contacting us, please let us have enough information to identify you (e.g. name, email address), let us have proof of your identity and address (a copy of your driving licence or passport and a recent utility or credit card bill), and let us know the information to which your request relates.
Keeping your personal information secure
We have appropriate security measures in place to prevent personal information from being accidentally lost, or used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
How to complain
Please let us know if you have any query or concern about our use of your information on email@example.com.
While we would ask you to please contact our Privacy Manager in the first instance, data protection laws also give you right to lodge a complaint with a supervisory authority. The supervisory authority in the UK is the Information Commissioner who may be contacted at https://ico.org.uk/concerns or telephone: +44 (0) 303 123 1113.
© 2022 Fika Community Limited. All Rights Reserved. Registered company No. 11114186.