Introduction
Welcome to the privacy policy for the Anya mobile app (the App) available on the Google Play Store or Apple Store (each the App Store) and website https://anya.health. Anya is committed to complying with data protection principles and GDPR 2018 as requested by law.
The App utilises state of the art computer graphics and vision technologies to help mums and mums-to-be learn and improve their latching on skills in the comfort of their own environment after or even before giving birth. It also gives individualised support to help mums and babies to carry on breastfeeding for as long as possible. Anya does not replace medical advice and medical needs must be discussed with a health care professional.
The App is operated by LatchAid Ltd., a company registered in England and Wales under company number 11485792 (LatchAid, we, us, ours). Our registered address is Bowood Cottage, Windmill Road, Kemble, Gloucestershire GL7 6AL.
This privacy policy together with the App Terms and Conditions and any additional terms of use incorporated by reference into the App Terms and Conditions, (together our Terms of Use) applies to your use of the App and any of the services accessible through the App (Services) that are available on the App Store or our website.
This policy will inform you how we look after your personal data which we may receive from the App Store in connection with your use of the App as well as through the App itself and tell you about your privacy rights and how the law protects you. It also includes how we collect and use the Personal Data that we receive about you, as well as your rights in relation to that Personal Data, when you visit our website and interact with it in any way, including passively.
The App Store will primarily be responsible for any personal data collected through or in connection with the download of the App. To the extent LatchAid receives or collects any personal data through or in connection with the use of the App or website it will do so as a data controller in accordance with this Privacy Policy.
Our privacy and data protection principles
To us privacy and data protection are your human rights
To us protecting your privacy is a duty and we take it very seriously
We will only collect and process data when is necessary and will make this truly clear through this policy
We will not share your personal information with anyone else unless we have your permission to do so.
Our contact details
The Party responsible for the processing of your personal data is as follows: LatchAid Ltd. The Data Controller may be contacted as follows:
Bowood Cottage, Windmill Road, Kemble, Gloucestershire GL7 6AL
The Data Controller and operator of the App and Website are one and the same.
The Data Protection Officer (DPO) is Chen Mao Davies.
The Data Protection Officer may be contacted at the details below.
If you have any questions about this privacy policy or our privacy practices, please contact us in one of the following ways:
Email: Click here
Post: LatchAid Ltd., Bowood Cottage, Windmill Road, Kemble, Gloucestershire GL7 6AL
Website: complete and submit the web enquiry form at https://anya.health/contact
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
Changes to the privacy policy and your duty to inform us of changes
We keep our privacy policy under regular review.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your use of the App.
Third-party links
The App and/or website may include links to third-party websites, plug-ins, and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy notices and practices. When you leave the App, we encourage you to read the privacy policy of every website or app you visit.
Location
LatchAid utilises for data processing and storage activities Amazon Web Services (“AWS”), with all our AWS storage containers and databases located in Ireland (with possible transit through US/EU storage containers).
The data we collect about you and how we use it
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
In line with the principles of data minimization we will only collect and process data that is necessary. The table below describes the data personal data we collect, use, store, and transfer about our users:
Category | Data collected and how we use it |
Account information | includes your first name, last name, or similar identifier, your email address, breastfeeding experience and duration, your age and your child’s date of birth and your postcode – we collect this information in order to: create, administer and maintain your account on our App; to provide our Services to you; to manage our relationship with you, for example to notify you about changes to our Terms of Use, this Privacy Policy or to ask you to leave a review or take a survey. If you choose to, you can also submit your picture (and possibly other information), which will be posted on your profile on our App, to let other users know more about you. |
Website usage | Website users are passive users and do not create accounts, however, may still be subject to certain passive data collection (“Passive Data Collection”). Such Passive Data Collection may include with cookies, IP address information, location information, and certain browser data, such as history and/or session information. |
Professional Data | is data collected from lactation consultants and includes name, email address, location, qualifications, affiliations, and years of experience as a lactation consultant. We use this data in the vetting process of lactation consultants. You can see details of lactation consultant users are engaging with on our website. |
Usage Data | includes your interests, preferences, opinions, feedback and survey responses, and other information and/or materials uploaded to the App by you, for example your correspondence, enquiries, views, and |
opinions uploaded via interactive chat features. We will store this information within our App so that you can have access to it for as long as you are our registered user. We may also use it for statistical and research purposes (including by using our Artificial Intelligence technology to improve and further develop our Services), but only in an aggregated and anonymised format (i.e., in a format that does not allow us to identify who this information relates to). | |
Technical Information | includes information about your device, hardware, or software you use to access the Internet, our App such as IP address or other transactional or identifier information for your device (such as device make and model, information about device operating systems and browsers, or other device or system related specifications). It also includes information about how you use and interact with our App. We collect it using cookies and other tracking technologies and use it to monitor the functioning of our App, to support and further develop the App. |
Some of the information supplied by you in connection with the use of our App may contain Special Categories of Personal Data. Special Categories of Personal Data include information about race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, and genetic and biometric data. We do not actively ask for this information, but you may submit it during your use of our App, in particular our in-App chat functionality, which allows you to communicate with other users and lactation professionals. As mentioned above, this information falls under the “Usage Data” category and we will use it only to facilitate your chat interactions, to store them for you in your chat history and we may also us it for statistical and research purposes (see above for more details). When you open a chat function on our App, we will ask you to consent to our use of any such data for such purposes.
If you fail to provide personal data
Where we need to collect personal data by law to provide you with access to the App, and you fail to provide that data when requested, we may not be able to give you access to the App or full use of the Services. This is particularly relevant for the Account Information category of data.
How is your personal data collected?
We use different methods to collect data from and about you including through:
Direct interactions
This includes personal data you provide to the App Store when you create an account and/or download our App as well as any personal data you disclose to us or other users when using our App.
Automated technologies or interactions
As you interact with the App, we will automatically collect Technical Information about your equipment, browsing actions and patterns.
What are the lawful grounds we rely on to process your personal data?
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
Where we need to perform our obligations under the App Terms and Conditions.
Where you have consented to the processing of your personal information.
Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
Where we need to comply with a legal obligation.
Note that we may process your personal data on more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal grounds, we are relying on to process your personal data.
We will only use your personal data for the purposes for which we collected it unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.
If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
Marketing
We may use your contact details to provide you with information about our work, events, services and/or activities which we consider may be of interest to you. Where we do this via email, SMS, or telephone, we will not do so without your prior consent. You can always opt-out from receiving marketing communications from by following the “unsubscribe” link in our email, or by contacting us (see our contact details in paragraph Our contact details above).
We will get your express opt-in consent before we share your personal data with any third party for marketing purposes.
Disclosures of your personal data
We will allow our staff, consultants and/or external service providers acting on our behalf to access and use your personal data for the activities we have described above. We only
permit them to use it to deliver the relevant service, and if they apply an appropriate level of security protection.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
We may need to disclose your personal data upon request to regulatory and government bodies as well as law enforcement agencies. We may also merge or partner with other organisations and in so doing, acquire or transfer personal data but your personal data would continue to be used for the purposes set out above.
The personal data we collect from you may be transferred to, shared and/or otherwise processed by organisations or companies outside the European Economic Area (“EEA”). Where your personal data is transferred outside the EEA, we will take reasonable steps to ensure that the recipient implements appropriate measures to protect your personal data (for example, by entering EU Commission approved standard contractual clauses).
Risk Management
LatchAid’s Risk Management process adopts a top-down complemented by a bottom-up approach, following industry best practices. Risks are reviewed, assessed, and mitigation strategies implemented to manage the risks.
Identified risks are mitigated through avoidance, elimination, and control as appropriate. After mitigation, no high risks can be accepted.
Data security
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorised way, altered, or disclosed. This includes the use of application firewall, encryption of data traffic between the App and the Application Servers, using highest possible degree both when it is stored in our databases and when it is being transmitted.
In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instruction, and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
While we will use all reasonable efforts to safeguard your personal data, you acknowledge that the use of the internet is not entirely secure and for this reason, we cannot guarantee the security or integrity of any personal data that are transferred via the internet. If you have any concerns about your information, please contact us.
Data retention
We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting, or other requirements. Typically, we will not keep your personal data for longer than 6 years after you have closed your account on our App or stopped using it.
In some circumstances, we will anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.
Your legal rights
Under certain circumstances, by law, you have the right to:
Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a confirmation from us as to whether we process any of your personal information or not, and if this is the case, to receive a copy of such personal information and to check that we are lawfully processing it.
Request a correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
Request erasure of your personal information (often referred to as “the right to be forgotten”). This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
Object to the processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your situation which makes you want to object to processing on this ground. You also
have the right to object if we are processing your personal information for direct marketing purposes.
Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example, if you want us to establish its accuracy or the reason for processing it, or if we no longer need your data for our legitimate interests but we need to hold some of it for the purpose of legal proceedings.
Request the transfer of your personal information to another party.
Withdraw consent at any time, where we are relying on consent. This relates to the initial installation of the App and the use of our Chat functionality, which enables you to submit Special Categories of Personal Data. If you withdraw your consent, this will not affect the lawfulness of any processing carried out before you withdraw your consent. Also, we may not be able to provide the App to you if you withdraw your consent for the installation of the App and if you withdraw your consent for the processing of Special Categories of Personal Data, you will not be able to use our in-App chat functionality.
Request information on the use of profiling to support automated decision making on your interactions with the Anya AI assistant.
If you would like to exercise any of the above rights, please email or write to us (see ‘Our contact details’ above).
Let us have proof of your identity and address (a copy of your driving licence or passport and a recent utility or credit card bill). This is to allow us to verify your identity and prevent disclosure to unauthorised third parties; and
Let us know the details of your request, for example by specifying the personal data you want to access, the information that is incorrect and the information with which it should be replaced.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive. Alternatively, we could refuse to comply with your request in these circumstances.
We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made several requests. In this case, we will notify you and keep you updated.
