Privacy Policy

This Privacy Policy (together with our Terms of Use) explains how we use any personal information about you that is collected or generated through your use of:

our website, www.fika.community (the “Site”);
our “Fika” mobile apps (the “Apps” or any one of them an “App”);
our Fika emotional fitness research studies which may take place separately from the Site or Apps (the “Fika Studies”);
the Apps and Fika Studies in the context of face-to-face interactions between Fika users; and
through your attendance at Fika Community events.

In these Terms, we refer to our Site, Apps and Fika Studies (and the services available from any of them) collectively as “Fika”.

Fika is owned and operated by Fika Community Limited, a company registered in England and Wales under number 11114186 with its registered office at Challenge House, Sherwood Drive, Bletchley, Milton Keynes MK3 6DP (“we”, “our”, and “us”). For the purpose of data protection laws, Fika Community Limited is your data controller and is registered with the Information Commissioner’s Office (ICO) under Registration Number ZA498380.

Please read the following carefully to understand our practices regarding your personal data and how we will treat it. Please note that this Privacy Policy is not an exclusive description of how we processes the personal information of individuals.

Contacting Us

If you have any questions about this Privacy Policy or your information, or to exercise any of your rights as described in this Privacy Policy or under applicable data protection laws, you can contact our Privacy Manager at dataprotection@fika.community .

Information we may collect from you

We may collect and process the following data about you:

Identity Data: The identity and contact details you give us when you register to use Fika, when you report a problem with or have a question about Fika, if you agree to participate in one of our Fika Studies, when contacting us to discuss your or your organisation’s use of or interest in using Fika, or in relation to your attendance at a Fika Community event. The basic information that you must give us in order to open a Fika account on the App(s) is your email address and age consent (over 16). However, we may sometimes collect additional information from you such as your name, student ID number, office address, postcode, phone number, date of birth or year of birth, university year of study, subject of study and year of graduation. We will also request your email address and password each time you access the Apps or Site.
Profile Name: You have a choice of: (i) adding your name as your profile name; or (ii) the App(s) can generate at random anonymous profile names from which you can choose. Your chosen profile name will be used to identify you in the context of the App(s) and your use of Fika.
Location Data: We may collect the IP address that you use to connect to the App(s) or Site, and (where activated and you have agreed to this on your mobile device) your location information from your mobile device. Please see our Cookies Policy for further information. Certain functions on the App(s) may make use of location data sent from your device to provide and improve location-based products and services. You can turn off this functionality at any time by turning off the location services settings for Fika on the device.
Profile and Usage Data: This includes information about how you use Fika such as your Fika topics, goals, interests, preferences, feedback, survey responses, Fika exercises selected, purchase history, duration of use, frequency of use, profile building, image choices and desired outcomes e.g. 'finding my strengths' or 'developing resilience'. Usage data may be collected by cookies and tracking technology. Please see our Cookies Policy for further information.
Your Content: The App(s) offer features which allows you to input and store your thoughts, ideas, emotions and other notes in a journal (“Journal/Notes Content”). As additional features are introduced to Fika, you may also be able to input other user generated content (such as pledges or information about your activity) to enable you to interact with or share your activity with other Fika users (“User Generated Content”).
Feedback Data: If you contact us to provide feedback or with any queries, or if you provide feedback to us during the course of one of our Fika Studies, we may keep a record of that correspondence.
Device Data: With regard to your use of the Apps or Site we will automatically collect information about your mobile device, including, where available, your device ID, and operating system, for system administration and to analyse statistical data about our users’ actions and patterns. Device Data may be collected by cookies. Please see our Cookies Policy for further information.
Marketing and communications data: This includes your preferences for receiving marketing from us.

If you attend a Fika Community event, the personal information we hold about you includes the information listed above, as well as any dietary requirements or information regarding accessibility that you may provide to us. We may also photograph and/or film Fika Community events. Attendees may be requested to sign an image release form, in relation to our use of your image.

We also collect, use and share Aggregated Data such as statistical or demographic data for our legitimate business interests. Aggregated Data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific App feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this Privacy Policy.

Information about others

If you submit personal information on behalf of another person (e.g. if you add a contact or refer a friend or family member via the App), you confirm that you have made that person aware of how we may collect, use and disclose their personal information, the reason you have provided it, how they can contact us and the terms of this Privacy Policy. You further confirm that they agree to such collection, use and disclosure.

A note about your health and other sensitive information

Where we process other special category data, data protection law requires that we satisfy certain additional conditions.

If you choose to add Content that includes information about your mental and physical health and wellbeing, or any other sensitive information about you (for example, in your Journal/Notes Content), we will collect and store this Content on the basis that you provided your explicit consent for us to do so when accessing the relevant features of the Apps, by means of a separate opt-in option. If you do not provide this explicit consent or if you withdraw your explicit consent at any time then you will not be able to continue to use the Journal/Notes feature of the App.

If you provide us with other special category data (for example, when hosting events we may be required to process special category data such as any dietary requirements or information regarding accessibility) we will only do so with your explicit consent.

Information we may receive from third parties

If your right to access Fika results from:

(i) an agreement between us and the university or educational institution where you study or graduated from, or your employer or other organisation of which you are a member (“Community”); or

(ii) is in conjunction with a Fika development or one of our Research Studies entered into between us and your Community, the Community may share your name and contact details (“Identity Data”) with us (if you have given them permission to do so), for the purpose of our agreement with them or your involvement in the Research Study.

We may also receive contact information about you from other Fika users (e.g. if they add you as a contact or refer you as a friend or family member via the App).

To deliver the Fika service and to Support the App, we use a number of Google owned services (Firebase (and the suite of tools provided within it), Cloud Firestore, Firebase Cloud Messaging, Analytics, AdSense and Ads). These third party services collect the following information automatically about you when you access and use the App: age category (18-24, 25-34, 35-44, 45-54, 55-64, and 65+), the store from which you downloaded and installed the App, the App version being used, the country in which you live, the brand name, category and model name of your device (e.g., Motorola or LG, mobile or tablet, iPhone 5s or SM-J500M), the time at which you first opened the App, when you start a new session in the App and the duration of the session, your gender, interests, the language setting of your device OS, whether you are a new or established App user, and your OS version. We also collect information about when you refresh or close the App, when you install updates and App performance data such as crashes or timeouts. Google Firebase will share this information with us as part of an analytics console (Google Analytics for Firebase).

From Google Analytics, Google Ads and AdSense, Google Play Console and Apple AppStore Connect, we collect the following information regarding how you found and interact with our marketing campaigns, website or App: the browser, the type of content you interacted with and the device you used, the version of the App downloaded, your postcode and the App Store used. From providers such as SendInBlue we collect the following information on how you interact with emails we may send you: which emails you open, the time and day of opening, device used and how you interact with any content included within the email.

From Google Firebase Cloud Messaging we collect the following information: how you interact with push notifications sent via the App, including how it is received, if you dismiss or click the notification and the time of interaction.

Uses made of the information

We use information held about you in the following ways:

Identity Data

For the provision of the Apps, the Site and the services available from them to you and to provide you with the information, products and services that you request from us through the Apps or Site together with customer support. Our legal basis for using your information in this manner is the performance of the contract that we are about to enter, or have already entered, into with you.

Notifying you about changes to the Fika Terms of Use or Privacy Policy. Our legal basis for using your information in this manner is the performance of the contract that we have entered into with you and for the performance of our legal obligations.

To manage and run Fika Studies in which you are involved. Our use of your identity data for these purposes is on the basis of your consent (which may have been given to us or to your Community).

To organise, run and invite you to Fika Community events.

To notify you about new Fika products, services or features which are available to you, changes to Fika features or services or tips on how to use Fika by sending emails or push notifications to you. You can opt out of receiving these communications from us by updating your communications preferences in the App, or by clicking on the unsubscribe link in any email that we send to you.

Your Content

Your Journal/Notes Content is collected and stored so that we can provide the Journal/Notes function on the Apps to you. We will not use it for any other purposes. We do not monitor, review or analyse data that is stored in a Journal/Notes. You can delete your entries at any time.

Any User Generated Content (excluding your Journal/Notes Content) which you input to enable you to interact with other Fika users is collected and stored, so that we can provide the relevant features to you.

If you choose to share any of your User Generated Content with others in the Fika Community (e.g. your family, friends or the entire community of Fika users), you will have control over what to share or what not to share. Please note that once you have shared User Generated Content with others, it may not be possible for us to remove that content.

We will not review your User Generated Content unless it is relevant to an issue that we are investigating as a result of our Peer Reporting Policy. You agree that we may access and use your User Generated Content for this purpose. We reserve the right, without obligation, to edit or remove any User Generated Content as a result of such investigation or in the event of a breach of our Terms of Use.

Profile and Usage Data

Collecting and profiling your Profile and Usage Data, to improve your user experience. Our legal basis for using your information in this manner is the performance of the contract that we have entered into with you.

Ensuring that content from the Apps or Site is presented in the most effective manner for you and for your device. Our legal basis for using your information in this manner is the performance of the contract that we are about to enter, or have already entered, into with you.

Suggesting content and activities for you to try on Fika based on your previous uses of Fika, either through push notifications to your device, or emails sent to your registered email address. Our legal basis for using your information in this manner is the performance of the contract that we have entered into with you.

Feedback Data, Device Data and Profile & Usage Data

Asking you to provide feedback, leave a review or take a survey. Our legal basis for using your information in this manner is that it is necessary for our legitimate interests of studying how customers view and use our products and services for the purpose of our future development of Fika, and of managing and moderating member access to the Apps or Site.

Ensuring that content from the Apps is presented in the most effective manner for you and for your device. Our legal basis for using your information in this manner is the performance of the contract that we are about to enter, or have already entered, into with you.

For analysis and statistical purposes. Our legal basis for using your information in this manner is that it is necessary for our legitimate interests of studying how customers view and use our products and services and of further developing Fika, our services and our marketing strategy.

To administer the Apps and Site and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes and as part of our efforts to keep the Apps and Site safe and secure. Our legal basis for using your information in this manner is that it is necessary for our legitimate interests of studying how customers view and use our products and services and of further developing the App, our services and our marketing strategy and/or for the performance of the contract that we are about to enter, or have already entered, into with you.

Marketing and Communications Data

Communications Data. Notifying you about new Fika products, services or features that are available to you, changes to Fika features or services or tips on how to use Fika by sending emails or push notifications to you. Organizing, running and inviting you to Fika Community events.

Marketing. Where you (i) contact us on behalf of an organisation; (ii) are an individual who has requested information from us; or (iii) have consented to us using your personal data for marketing purposes, we may use your information to send you updates and news concerning Fika, which we feel may be of interest to you. If at any time you wish us to stop using your information for these purposes, please notify us using the contact information set out above. We will never send communications to you that market, or advertise within the Apps the products or services of another company, and we will never allow anyone else to use your information for marketing their products and services to you.

Managing Your Preferences. You can choose to stop receiving communications and marketing from us by email at any time by emailing us or by clicking on the unsubscribe link in any email that we send to you. You can manage push notifications in the settings in the App or in your device settings.

Information we collect about you from third parties.

Information received from your Community

We may use the Identity Data received from your Community in order to liaise with you about the proposed agreement between us and your Community, or your intended use of Fika. Our legal basis for using your information in this manner is that it is necessary for our legitimate interests of developing our business, Fika and the App, and/or for the performance of the contract that we are about to enter, or have already entered, into with you or your Community.

Information received from other sources

We will use the information received from our third party service providers such as Google, Apple and SendInBlue through their analytics dashboards:

To ensure that content from the Apps is presented in the most effective manner for you and for your device. Our legal basis for using your information in this manner is the performance of the contract that we are about to enter, or have already entered, into with you.

To administer the App(s) and Site and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes and as part of our efforts to keep the Apps and Site safe and secure. Our legal basis for using your information in this manner is that it is necessary for our legitimate interests of studying how customers view and use our products and services and of further developing the App, our services and our marketing strategy and/or for the performance of the contract that we are about to enter, or have already entered, into with you.

We also use Google Firebase and the suite of tools provided within it to support the Fika App(s). The legal basis for the use of Google Firebase is our legitimate interest in maintaining our App(s) to deliver the Service, keep it stable, evaluate its performance and improve the user experience.

Disclosure of your information

Service Providers

We will share your personal information with our service providers from time to time who act as processors based in the United Kingdom, European Union and United States. The table below sets out a non-exhaustive list (which we may update or supplement from time to time) of our service providers and the scope of the services that they provide to us. Some of our service providers may use further sub-processors and for full details, please see their respective privacy policies.

Provider	Basis of use
Apple app store connect	iOS device aggregated app download analytics
Capsule	CRM platform
Cloud Functions for Firebase	Computer processing to support App(s) functions.
Cloud Storage for Firebase	Cloud database, contains information such as email addresses and subscription details.
Firebase A/B Testing	Used to serve different features or content to different users to improve the experience.
Firebase Authentication	Authenticating accounts e.g. email and password.
Firebase Cloud Messaging	Send messages to users including push notifications.
Firebase Crashlytics	App(s) crash monitoring.
Firebase Dynamic Links	Creates unique links e.g. device verification.
Firebase In-App Messaging	This allows us to send tailored messages to users within the App(s).
Firebase Performance Monitoring	Tracks App(s) performance such as load times.
Firebase Platform	Google mobile development platform.
Firebase Predictions	Uses machine learning to help predict what users will do to enable experience optimisation for users.
Firebase Remote Configuration	Enables customisation of elements of the App(s) for different audiences and without requiring App updates.
Google Play Console	Android device aggregated app download analytics
Google Ads	Digital marketing and analytics platform
Google AdSense	Monitor effectiveness of marketing campaigns
Google Analytics	App usage & website analytics
Google Analytics for Firebase	Provides aggregated App analytics to help understand how the App(s) are used.
Google BigQuery	Data warehouse analysis tool, used to mine app analytics.
Google Cloud Firestore	Data hosting and backup storage
Google Data Studio	Data visualisation tool.
Google G-Suite for Business	Assistance with business activities such as: staff emails, customer service and gathering user feedback
Netlify	Website hosting, contact forms and newsletter signup
Mailgun (EU)	To send transactional and bulk emails.
OneSignal	Send push notifications and messages to users.
Optimizely	To test and improve different elements of the product and to understand user behaviour with those tests based on events.
SendInBlue	Send relevant & appropriate email communications
Slack	Assistance with business activities such as: internal communication and occasional customer service.
Specialist individual contractors and consultants	Specialist individual contractors and consultants

Other potential disclosures

We may also disclose your personal information to third parties:

In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets.
If Fika or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets.
If we are under a duty to disclose or share your personal data in order to comply with any legal, regulatory or tax obligation.

We do not sell your personal information to others and if we wish to use your personal information for a purpose beyond that for which it was originally provided, we will ask for your consent or seek to rely on another valid legal ground to process your personal information in accordance with the applicable law.

Links

Fika provides hyperlinks to websites owned and controlled by others. Fika is not responsible for the privacy practices of any website that it does not own or otherwise control and you should read the privacy policies of websites owned and controlled by others before deciding whether to proceed.

How long your personal information will be kept

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

Details of retention periods for different aspects of your personal data are available in our retention policy, which you can request from us by contacting us at dataprotection@fika.community.

In some circumstances we may anonymise or obfuscated your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.

You can close your account at any time by emailing hello@fika.community from the email address registered to your account. We will also close your account automatically if it remains inactive for three years. When your account is closed, all content added by you will be deleted, anonymised or obfuscated.

Storage of your personal data

We aim to store most of our data in the United Kingdom (UK) and European Economic Area (EEA), which is where many of our service providers and data storage locations are situated. However, we do have to use some service providers who are based outside the EEA and UK. In these circumstances, your personal data may be transferred outside the EEA and UK, for example to the United States (US).

If we transfer any of your personal data out of the EEA and UK we will, as required by applicable law, ensure that your privacy rights are adequately protected and that a similar degree of protection is afforded to your personal data by ensuring at least one of the following safeguards is implemented:

We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data under applicable data protection law.
Where we use certain service providers, we may use specific contracts approved by the regulator, which give personal data the same protection it has in the EEA or UK, as applicable.
If we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield, which requires them to provide similar protection to personal data shared between Europe and the US.

We carefully choose the partners we select to make sure that your privacy rights are adequately protected. Please contact our Privacy Manager if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA and UK.

Where we have given you (or where you have chosen) a password which enables you to access certain parts of the Apps or Site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to the Apps or Site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

Your rights

Under data protection laws, you have a number of important rights free of charge. In summary, those include rights to:

access to your personal information and to certain other supplementary information that this Privacy Policy is already designed to address
require us to correct any mistakes in your information which we hold
require the erasure of personal information (also known as ‘the right to be forgotten’) concerning you in certain situations
receive the personal information concerning you which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to a third party in certain situations
object at any time to processing of personal information concerning you for direct marketing
object to decisions being taken by automated means which produce legal effects concerning you or similarly significantly affect you
object in certain other situations to our continued processing of your personal information
otherwise restrict our processing of your personal information in certain circumstances

You can withdraw your consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.

If you would like to exercise any of those rights, please contact our Privacy Manager as below. When contacting us, please let us have enough information to identify you (e.g. name, email address), let us have proof of your identity and address (a copy of your driving licence or passport and a recent utility or credit card bill), and let us know the information to which your request relates.

Keeping your personal information secure

We have appropriate security measures in place to prevent personal information from being accidentally lost, or used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.

We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

How to complain

Please let us know if you have any query or concern about our use of your information on dataprotection@fika.community.

While we would ask you to please contact our Privacy Manager in the first instance, data protection laws also give you right to lodge a complaint with a supervisory authority, in particular in the European Union (or European Economic Area) state where you work, normally live or where any alleged infringement of data protection laws occurred. The supervisory authority in the UK is the Information Commissioner who may be contacted at https://ico.org.uk/concerns or telephone: +44 (0) 303 123 1113.

Changes to our Privacy Policy

Any changes we may make to our Privacy Policy in the future will be notified to you when you first access the Apps after the update has taken place and, where appropriate, notified to you by e-mail. By continuing to use Fika, you confirm that you accept the updated Privacy Policy. If you do not agree to the updated Privacy Policy, you must not continue to use Fika.

Contact

Questions, comments and requests regarding this Privacy Policy should be sent by email to dataprotection@fika.community.

hello@fika.community