Privacy Policy
This Privacy Policy (together with our Terms of Use) explains how we use any personal information about you that is collected or generated through your use of:
- our website, www.fika.community (the “Site”);
- our “Fika” mobile apps (the “Apps” or any one of them an “App”);
- our Fika emotional fitness research studies which may take place separately from the Site or Apps (the “Fika Studies”);
- the Apps and Fika Studies in the context of face-to-face interactions between Fika users.
In these Terms, we refer to our Site, Apps and Fika Studies (and the services available from any of them) collectively as “Fika”.
Fika is owned and operated by Fika Community Limited, a company registered in England and Wales under number 11114186 with its registered office at Challenge House, Sherwood Drive, Bletchley, Milton Keynes MK3 6DP (“we”, “our”, and “us”). For the purpose of data protection laws, Fika Community Limited is your data controller and is registered with the Information Commissioner’s Office (ICO) under Registration Number ZA498380.
Please read the following carefully to understand our practices regarding your personal data and how we will treat it. Please note that this Privacy Policy is not an exclusive description of how we processes the personal information of individuals.
Contacting Us
If you have any questions about this Privacy Policy or your information, or to exercise any of your rights as described in this Privacy Policy or under applicable data protection laws, you can contact our Privacy Manager at dataprotection@fika.community.
Information we may collect from you
We may collect and process the following data about you:
- Identity Data: The identity and contact details you give us when you register to use Fika, when you report a problem with or have a question about Fika, if you agree to participate in one of our Fika Studies, or when contacting us to discuss your or your organisation’s use of or interest in using Fika. The basic information that you must give us in order to open a Fika account on the App is your email address and age consent (over 16). However, we may sometimes collect additional information from you such as your name, student ID number, office address, phone number, date of birth or year of birth, university year of study, subject of study and year of graduation. We will also request your email address and password each time you access the Apps or Site.
- Profile Name: The App will generate at random anonymous profile names for you to choose from, which will be used to identify you in the context of the App and your use of Fika.
- Location Data: We may collect the IP address that you use to connect to the App or Site, and (where activated and you have agreed to this on your mobile device) your location information from your mobile device. Please see our Cookies Policy for further information. Certain functions on the App may make use of location data sent from your device to provide and improve location-based products and services. You can turn off this functionality at any time by turning off the location services settings for Fika on the device.
- Profile and Usage Data: This includes information about how you use Fika such as your Fika topics, goals, interests, preferences, feedback, survey responses, Fika exercises selected, duration of use, frequency of use, profile building, image choices and desired outcomes e.g. 'finding my strengths' or 'developing resilience'.. Usage data may be collected by cookies and tracking technology. Please see our Cookies Policy for further information.
- Your Content: The App offers a feature which allows you to input and store your thoughts, ideas, emotions and other notes in a journal (“Journal Content”). As additional features are introduced to Fika, you may also be able to input other user generated content, to enable you to interact with other Fika users (“User Generated Content”).
- Feedback Data: If you contact us to provide feedback or with any queries, or if you provide feedback to us during the course of one of our Fika Studies, we may keep a record of that correspondence.
- Device Data: With regard to your use of the Apps or Site we will automatically collect information about your mobile device, including, where available, your device ID, and operating system, for system administration and to analyse statistical data about our users’ actions and patterns. Device Data may be collected by cookies. Please see our Cookies Policy for further information.
- Marketing and communications data: This includes your preferences for receiving marketing from us.
We also collect, use and share Aggregated Data such as statistical or demographic data for our legitimate business interests. Aggregated Data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific App feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this Privacy Policy.
Information about others
If you submit personal information on behalf of another person (e.g. if you add a contact or refer a friend via the App), you confirm that you have made that person aware of how we may collect, use and disclose their personal information, the reason you have provided it, how they can contact us and the terms of this Privacy Policy. You further confirm that they agree to such collection, use and disclosure.
A note about your health and other sensitive information
If you choose to add Content that includes information about your mental and physical health and wellbeing, or any other sensitive information about you (for example, in your Journal Content), we will collect and store this Content on the basis that you provided your explicit consent for us to do so when accessing the relevant features of the Apps, by means of a separate opt-in option. If you do not provide this explicit consent or if you withdraw your explicit consent at any time then you will not be able to continue to use the Journal feature of the App.
Information we may receive from third parties
If your right to access Fika results from:
(i) an agreement between us and the university or educational institution where you study or graduated from, or your employer or other organisation of which you are a member (“Community”); or
(ii) is in conjunction with a Fika development or one of our Research Studies entered into between us and your Community, the Community may share your name and contact details (“Identity Data”) with us (if you have given them permission to do so), for the purpose of our agreement with them or your involvement in the Research Study.
We may also receive contact information about you from other Fika users (e.g. if they add you as a contact or refer you as a friend via the App).
To deliver the Fika service we use a number of Google owned services (Firebase, Cloud Firestore, Firebase Cloud Messaging, Analytics, AdSense and Ads). These third party services collect the following information automatically about you when you access and use the App: age category (18-24, 25-34, 35-44, 45-54, 55-64, and 65+), the store from which you downloaded and installed the App, the App version being used, the country in which you live, the brand name, category and model name of your device (e.g., Motorola or LG, mobile or tablet, iPhone 5s or SM-J500M), the time at which you first opened the App, when you start a new session in the App and the duration of the session, your gender, interests, the language setting of your device OS, whether you are a new or established App user, and your OS version. We also collect information about when you refresh or close the App, when you install updates and App performance data such as crashes or timeouts. Google Firebase will share this information with us as part of an analytics console (Google Analytics for Firebase).
From Google Analytics, Google Ads and AdSense, Google Play Console and Apple AppStore Connect, we collect the following information regarding how you found and interact with our marketing campaigns, website or App: the browser, the type of content you interacted with and the device you used, the version of the App downloaded and the App Store used. From providers such as SendInBlue we collect the following information on how you interact with emails we may send you: which emails you open, the time and day of opening, device used and how you interact with any content included within the email.
From Google Firebase Cloud Messaging we collect the following information: how you interact with push notifications sent via the App, including how it is received, if you dismiss or click the notification and the time of interaction.
Uses made of the information
We use information held about you in the following ways:
Identity Data
For the provision of the Apps, the Site and the services available from them to you and to provide you with the information, products and services that you request from us through the Apps or Site together with customer support. Our legal basis for using your information in this manner is the performance of the contract that we are about to enter, or have already entered, into with you.
Notifying you about changes to the Fika Terms of Use or Privacy Policy. Our legal basis for using your information in this manner is the performance of the contract that we have entered into with you and for the performance of our legal obligations.
To manage and run Fika Studies in which you are involved. Our use of your identity data for these purposes is on the basis of your consent (which may have been given to us or to your Community).
To notify you about new Fika products, services or features which are available to you, changes to Fika features or services or tips on how to use Fika by sending emails or push notifications to you. You can opt out of receiving these communications from us by updating your communications preferences in the App, or by clicking on the unsubscribe link in any email that we send to you.
Your Content
Your Journal Content is collected and stored so that we can provide the Journal function on the Apps to you. We will not use it for any other purposes. We do not monitor, review or analyse data that is stored in a journal. You can delete your entries at any time.
Any User Generated Content (excluding your Journal Content) which you input to enable you to interact with other Fika users is collected and stored, so that we can provide the relevant features to you. We will not review your User Generated Content unless it is relevant to an issue that we are investigating either as a result of our Peer Reporting Policy. You agree that we may access and use your User Generated Content for this purpose. We reserve the right, without obligation, to edit or remove any User Generated Content as a result of such investigation or in the event of a breach of our Terms of Use.
Profile and Usage Data
Collecting and profiling your Profile and Usage Data, to improve your user experience. Our legal basis for using your information in this manner is the performance of the contract that we have entered into with you.
Ensuring that content from the Apps or Site is presented in the most effective manner for you and for your device. Our legal basis for using your information in this manner is the performance of the contract that we are about to enter, or have already entered, into with you.
Suggesting content and activities for you to try on Fika based on your previous uses of Fika, either through push notifications to your device, or emails sent to your registered email address. Our legal basis for using your information in this manner is the performance of the contract that we have entered into with you.
Feedback Data, Device Data and Profile & Usage Data
Asking you to provide feedback, leave a review or take a survey. Our legal basis for using your information in this manner is that it is necessary for our legitimate interests of studying how customers view and use our products and services for the purpose of our future development of Fika, and of managing and moderating member access to the Apps or Site.
Ensuring that content from the Apps is presented in the most effective manner for you and for your device. Our legal basis for using your information in this manner is the performance of the contract that we are about to enter, or have already entered, into with you.
For analysis and statistical purposes. Our legal basis for using your information in this manner is that it is necessary for our legitimate interests of studying how customers view and use our products and services and of further developing Fika, our services and our marketing strategy.
To administer the Apps and Site and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes and as part of our efforts to keep the Apps and Site safe and secure. Our legal basis for using your information in this manner is that it is necessary for our legitimate interests of studying how customers view and use our products and services and of further developing the App, our services and our marketing strategy and/or for the performance of the contract that we are about to enter, or have already entered, into with you.
Marketing and Communications Data
Notifying you about new Fika products, services or features which are available to you, changes to Fika features or services or tips on how to use Fika by sending emails or push notifications to you. You can opt out of receiving communications from us by email by updating your communications preferences in the App, or by clicking on the unsubscribe link in any email that we send to you. You can manage push notifications in your device settings.
We will never send communications to you that market, or advertise within the Apps the products or services of another company, and we will never allow anyone else to use your information for marketing their products and services to you.
Information we collect about you from third parties.
Information received from your Community
We may use the Identity Data received from your Community in order to liaise with you about the proposed agreement between us and your Community, or your intended use of Fika. Our legal basis for using your information in this manner is that it is necessary for our legitimate interests of developing our business, Fika and the App, and/or for the performance of the contract that we are about to enter, or have already entered, into with you or your Community.
Information received from other sources
We will use the information received from our third party service providers such as Google, Apple and SendInBlue through their analytics dashboards:
To ensure that content from the Apps is presented in the most effective manner for you and for your device. Our legal basis for using your information in this manner is the performance of the contract that we are about to enter, or have already entered, into with you.
For analysis and statistical purposes. Our legal basis for using your information in this manner is that it is necessary for our legitimate interests of studying how customers view and use our products and services and of further developing Fika, our services and our marketing strategy.
To administer the Apps and Site and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes and as part of our efforts to keep the Apps and Site safe and secure. Our legal basis for using your information in this manner is that it is necessary for our legitimate interests of studying how customers view and use our products and services and of further developing the App, our services and our marketing strategy and/or for the performance of the contract that we are about to enter, or have already entered, into with you.
Disclosure of your information
Service Providers
We will share your personal information with our service providers who act as processors based in the United Kingdom, European Union and United States. The table below sets out a list of our service providers and the scope of the services that they provide to us.
| Provider | Basis of use |
|---|---|
| Apple app store connect | iOS device aggregated app download analytics |
| Capsule | CRM platform |
| Google Play Console | Android device aggregated app download analytics |
| Google Ads | Digital marketing and analytics platform |
| Google AdSense | Monitor effectiveness of marketing campaigns |
| Google Analytics | App usage & website analytics |
| Google Cloud Firestore | Data hosting and backup storage |
| Google G-Suite for Business | Assistance with business activities such as: staff emails, customer service and gathering user feedback |
| Google Firebase | App development platform and hosting |
| Google Firebase Cloud Messaging | Send messages to users including push notifications |
| Google Tag Manager | Website tracking & analytics |
| Netlify | Website hosting, contact forms and newsletter signup |
| SendInBlue | Send relevant & appropriate email communications |
| Slack | Assistance with business activities such as: internal communication and occasional customer service. |
| Specialist individual contractors and consultants | Specialist individual contractors and consultants |
Other potential disclosures
We may also disclose your personal information to third parties:
- In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets.
- If Fika or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets.
- If we are under a duty to disclose or share your personal data in order to comply with any legal, regulatory or tax obligation.
We will not share or make your Identity Data available to other Fika users or to any third parties for marketing.
We do not sell your personal information to others and if we wish to use your personal information for a purpose beyond that for which it was originally provided, we will ask for your consent or seek to rely on another valid legal ground to process your personal information in accordance with the applicable law.
Links
Fika provides hyperlinks to websites owned and controlled by others. Fika is not responsible for the privacy practices of any website that it does not own or otherwise control and you should read the privacy policies of websites owned and controlled by others before deciding whether to proceed.
How long your personal information will be kept
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
Details of retention periods for different aspects of your personal data are available in our retention policy, which you can request from us by contacting us at dataprotection@fika.community.
In some circumstances we may anonymise or obfuscated your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
You can close your account at any time by emailing hello@fika.community. We will also close your account automatically if it remains inactive for three years. When your account is closed, all content added by you will be deleted, anonymised or obfuscated.
Storage of your personal data
We aim to store most of our data in the United Kingdom (UK) and European Economic Area (EEA), which is where the majority of our service providers and data storage locations are situated.
Occasionally, we have to use service providers who are based outside the EEA and UK. In these limited circumstances, some of your personal data may be transferred outside the EEA and UK.
If we transfer any of your personal data out of the EEA and UK. We will ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
- We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission.
- Where we use certain service providers, we may use specific contracts approved by the European Commission, which give personal data the same protection it has in the EEA.
- If we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield, which requires them to provide similar protection to personal data shared between Europe and the US.
Please contact our Privacy Manager if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.
Where we have given you (or where you have chosen) a password which enables you to access certain parts of the Apps or Site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to the Apps or Site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
Your rights
Under data protection laws, you have a number of important rights free of charge. In summary, those include rights to:
- access to your personal information and to certain other supplementary information that this Privacy Policy is already designed to address
- require us to correct any mistakes in your information which we hold
- require the erasure of personal information (also known as ‘the right to be forgotten’) concerning you in certain situations
- receive the personal information concerning you which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to a third party in certain situations
- object at any time to processing of personal information concerning you for direct marketing
- object to decisions being taken by automated means which produce legal effects concerning you or similarly significantly affect you
- object in certain other situations to our continued processing of your personal information
- otherwise restrict our processing of your personal information in certain circumstances
You can withdraw your consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
If you would like to exercise any of those rights, please contact our Privacy Manager as below. When contacting us, please let us have enough information to identify you (e.g. name, email address), let us have proof of your identity and address (a copy of your driving licence or passport and a recent utility or credit card bill), and let us know the information to which your request relates.
Keeping your personal information secure
We have appropriate security measures in place to prevent personal information from being accidentally lost, or used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
How to complain
Please let us know if you have any query or concern about our use of your information on dataprotection@fika.community.
While we would ask you to please contact our Privacy Manager in the first instance, data protection laws also give you right to lodge a complaint with a supervisory authority, in particular in the European Union (or European Economic Area) state where you work, normally live or where any alleged infringement of data protection laws occurred. The supervisory authority in the UK is the Information Commissioner who may be contacted at https://ico.org.uk/concerns or telephone: +44 (0) 303 123 1113.
Changes to our Privacy Policy
Any changes we may make to our Privacy Policy in the future will be notified to you when you first access the Apps after the update has taken place and, where appropriate, notified to you by e-mail. By continuing to use Fika, you confirm that you accept the updated Privacy Policy. If you do not agree to the updated Privacy Policy, you must not continue to use Fika.
Contact
Questions, comments and requests regarding this Privacy Policy should be sent by email to dataprotection@fika.community.
Contact Us
hello@fika.community
© 2019 Fika Community Limited. All Rights Reserved. Registered company No. 11114186.
Contact Us
© 2019 Fika Community Limited. All Rights Reserved. Registered company No. 11114186.