1.2 Made by Many is a company registered in England and Wales (No. 63463380) and its registered address is Diespeker Wharf, 38 Graham Street, London N1 8JX, UK.
1.3 This Policy sets out how we process personal data collected via the App.
1.4 Any Users under the age of 16 must have the consent of their parent or guardian to use the App and to have their data processed as set out in this Policy. For the purposes of this Policy we expect that such consent has been obtained where necessary.
1.5 Questions about this Policy can be directed to us by email at firstname.lastname@example.org.
2 What data do we collect from the User?
2.1 As part of Users downloading and using the App we will collect and process personal data about Users (“User Data”) which may include the following, where permitted by applicable law:
2.1.1 health data about User blood glucose levels from time to time as well as information about User meals or exercise;
2.1.2 name, date of birth and photograph;
2.1.3 email address and phone number;
2.1.4 location data and IP address;
2.1.5 credit / debit card details and purchase history; and
2.1.6 details of the device being used to access the App including model, unique ID, and operating system.
3 Purposes for which we process User Data
3.1 Made by Many will only process User Data, in accordance with applicable law, for the following purposes:
3.1.1 creating and maintaining accounts for Users;
3.1.2 connecting Users to one another via the App and enabling communication between Users;
3.1.3 allowing Users to record their own blood glucose levels and to share the records with other Users;
3.1.4 enabling our suppliers and service providers to carry out certain functions on our behalf, including payment processing, verification, technical, logistical or other functions, as may be required, in order to provide the App’s functionality;
3.1.5 sending to Users personalised marketing communications, where they have agreed that we may do so, in order to keep them informed of our products and services, which we consider may be of interest to them;
3.1.6 developing and improving the App;
3.1.7 ensuring the security of User accounts and our business, preventing or detecting fraud or abuses of the App, for example, by requesting verification information in order to reset a User’s account password; and
3.1.8 to comply with applicable law, for example, in response to a request from a court or regulatory body, where such request is made in accordance with the law.
3.2 The legal basis for us processing User Data for the purposes described above will typically be because the User (or their parent / guardian, where the User is under 16) has provided their consent. However, we may also rely on other legal grounds, for example, where the processing is necessary:
3.2.1 for our legitimate business interests; and
3.2.2 for compliance with a legal obligation to which Made by Many is subject.
4 Disclosure of User information
4.1 Each User retains control over any sharing of their User Data with any other User. In the event that a User wishes to stop or reverse such sharing of User Data with another, this can be achieved by contacting us using the details in Section 1.
4.2 There are circumstances where we wish to disclose or are compelled to disclose User Data to third parties. This will only take place in accordance with the applicable law and for the purposes listed above. These scenarios may include disclosure:
4.2.1 to our subsidiaries, branches or associated offices;
4.2.2 to our outsourced service providers or suppliers to facilitate the provision of our services or goods to our Users, for example, the disclosure to our data centre provider for the safe keeping of User Data, webhosting provider through which User Data may be collected, identity verification partners in order to verify User identity against public databases;
4.2.3 subject to User consent, to our marketing partners, who may contact consenting Users by post, email, telephone, SMS or by other means;
4.2.4 to third party service providers and consultants in order to protect the security or integrity of our business, including our databases and systems and for business continuity reasons;
4.2.5 to another legal entity, on a temporary or permanent basis, for the purposes of a joint venture, collaboration, financing, sale, merger, reorganisation, change of legal form, dissolution or similar event. In the case of a merger or sale, User Data will be permanently transferred to a successor company;
4.2.6 to public authorities where we are required by law to do so; and
4.2.7 to any other third party where the User has provided their consent.
5 International transfer of User Data
We may transfer User Data to a third party in countries outside the country in which it was originally collected for further processing in accordance with the purposes set out in paragraph 3 above. In particular, User Data may be transferred to our outsourced service providers located abroad. In these circumstances we will, as required by applicable law, ensure that User privacy rights are adequately protected by appropriate technical, organisation, contractual or other lawful means. Please contact us as per paragraph 1.4 for a copy of the safeguards which we have put in place to protect User Data and privacy rights in these circumstances.
6 Retention of User Data
User Data will be retained until as long as is reasonably necessary for the purposes listed above or as required by local applicable law. Please contact us for further details of applicable retention periods.
7 Data subject rights
UK data protection law provides Users with numerous rights, including the right to: access, rectify, erase, restrict, transport and object to the processing of their User Data. The App’s functionality enables many of these rights to be easily exercised; however, if you would like more information about how to exercise your rights please contact us directly. Individuals also have the right to lodge a complaint with the Information Commissioner’s Office if they believe that their User Data is not being processed in accordance with applicable data protection law. Please visit the ICO website for more information.