Last updated: October 2022
“Migiri” is a registered trademark of Digital Literacy S.L.U.
Digital Literacy SLU (“Digital Literacy”, the “Company”, or “we/us”) is committed to respecting and protecting the privacy of its users (“You”, or the “User”). This Privacy Policy explains our practices regarding the use of personal data collected and processed through our service/app Migiri (the “Service”, or “App”). This Privacy Policy integrates our conditions of use of our Service.
Summary
Digital Literacy processes two types of personal data in relation to the Service: (1) your data, as identified below, for which it is responsible (as Data Controller, as defined under the EU’s General Data Protection Regulation (GDPR), or as a business as defined under the California Consumer Privacy Act (CCPA), and (2) the data of your Companion, as defined below, for which you are responsible (as Data Controller as defined under GDPR), while Digital Literacy acts as Data Processor (as defined under GDPR or as a service provider as defined under CCPA).
- Your account and contact data are used for managing our relationship with you, including activation, support, invoicing, and upselling. This is described in Section A of the policy.
- Your Companion’s data is processed on your behalf, for providing the oversight and monitoring services through the control panel. This is described in Section B of the policy.
You are responsible for the configuration and use of the control panel and the processing of personal data associated with your account which includes, among others, collecting, storing , and analysing personal data that you make available to us. You can change those configurations and provide instructions to limit and/or erase any data collected within the control panel.
The Services are designed for use by adults only, and we do not knowingly collect personal information directly from children under the age of 18.
Both Digital Literacy and you agree to comply with this Privacy Policy.
A. DATA PROCESSED BY DIGITAL LITERACY AS DATA CONTROLLER
Please note that this Section does NOT regulate the processing of the data of the so called “Companion” (that is, the person, chosen by you, that will receive notifications and messages about your progresses on your journey with Migiri) by Digital Literacy in its capacity as Processor, which is regulated by Section B attached.
1. Data Controller
The Data Controller is Digital Literacy SLU, domiciled at Roger de Flor 193, bajos, 08013, Barcelona, Spain. You can contact us by writing an email to: info@diliteracy.com
2. Data collection by the Company through the Services
Data Collection. Digital Literacy will collect and process as data controller the following personal data through the Services:
- Registration. If you’re an iOS or macOS user, on registering for our Services, we will only collect your AppleID alias. If you’re not an iOS or macOS user, we will collect the following personal data: name, surname, email address and telephone. This data is mandatory and if it is not provided, an account cannot be created.
- Usage Data. When you use the Migiri app, we track your network activity, meaning that we track the domains of the websites you visit and we classify them. If the website is classified as “adult content”, we only keep the following information: the date and time you visited an adult content website. We do not keep record of the specific websites you visited nor your activity on those webs.
- Payments Data. Our payment providers collect certain payment data which are processed according to their terms and privacy policy which is provided to you during the payment process. Currently we are using Apple Store’s payment service, but we may contract further payment gateways, and their conditions will be provided to you during the payment process.
- Information about your device. Due to the communications standards on the internet, when you visit our App we automatically receive the domain name of the site from which you came and the site to which you are going when you leave the site. We also receive the internet protocol (“IP”) address of your computer and the type of web browser you are using. We use this information to analyse overall trends and to help improve the service. This information is not shared with third parties without your permission.
- Questionnaires data. Upon filling in the questionnaires you can find in our App, you will provide us with the answer to our questions. This information is not shared with third parties without your consent.
- One-to-one Sessions booking data. If you decide to sign up for a one-to-one Session, we will only collect the information about the Counselor you selected. We will not receive any data nor information about you from the Counselor.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
Information we Collect and purposes for processing and legal basis. We collect information that identifies, relates to, describes, references, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with you (“personal information”). Personal information does not include:
- Publicly available information from government records.
- Deidentified or aggregated consumer information.
We have collected the following types of personal data/information from our registered users as described below within the past twelve months. The personal data we collect about you are used for the purposes indicated below, thanks to the application of the following legal basis.
Data / Purpose for processing / Legal Basis
- Registration Data / Providing you with the Migiri service, provide you with customer service, and sending email notifications. / Performance of the contract (our terms of service) with you, to take steps at your request before entering into such a contract and providing you with our Service
- Registration Data / Sending you our newsletter and communications, in general, about the Services, products and novelties, and product offers or promotions offered by Us, if you provide us with your consent / Consent
- Registration Data / Ensure you comply with our terms of service and comply with legal obligations we are subject to. / Comply with a legal or regulatory obligation: we may process your personal data where it is necessary for compliance with a legal or regulatory obligation that we are subject to.
- Usage Data / Provide you with the Migiri service / Performance of the contract (our terms of service) with you and providing you with our Service
- Usage Data / Ensure you comply with our terms of service and comply with legal obligations we are subject to. / Comply with a legal or regulatory obligation: we may process your personal data where it is necessary for compliance with a legal or regulatory obligation that we are subject to.
- Payment Data (payment data processed through our third party payment providers) / Process the payment of our Services / Performance of the contract.
- Payment Data (payment data processed through our third party payment providers) / Ensure you comply with our terms of service and comply with legal obligations we are subject to. / Comply with a legal or regulatory obligation: we may process your personal data where it is necessary for compliance with a legal or regulatory obligation that we are subject to.
- Information about your device / Improve the quality of our services / Our legitimate interest to conduct and manage our business to enable us to give you the best service/product and the best and most secure experience. We consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests and we do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).
- Questionnaires data / Better understand our Users and provide them with more customized advices and experiences. / Consent
- One-to-one Sessions booking data / Connect the Migiri User with the Counselor / Performance of the contract (our terms of service) with you.
We obtain the categories of personal information listed above from the following categories of sources:
- Directly from you. For example, from forms you complete or features of the Service you interact with.
- Indirectly from you. For example, from observing your actions within the Service.
Generally, we do not rely on consent as a legal basis for processing your Registration Data other than in relation to sending own marketing communications to you via email or text message. However, for transparency and clarity, we ask you to provide this consent, which is given by you on registering your account. You have the right to withdraw consent at any time by contacting us at info@diliteracy.com. This will not affect the processing of your Registration Data for service provision until you cancel your account.
Service optimisation. We may process information on an aggregated non-identifiable basis for establishing user general attributes and profiles and share such anonymous information with third party service providers to help improve or promote our service. We also use your data in a non-identifying and aggregated manner (i.e. dissociated data) to better design our web site, software and services.
Disclosure. We treat your personal data with strict confidentiality in accordance with applicable law. However, we shall disclose any information about you or your use of our Services: (i) in compliance with a legal obligation, (ii) in order to correctly deliver our Services or perform other obligations in accordance to the applicable regulations and rules set forth in the Terms, (iii) in the event of a sale or change of control of the Company for the purpose of appropriate due diligence actions; or (iv) to our service providers that provide us a service in relation to the data.
We require all third parties to respect the security of your personal data and to process it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process it data for specified purposes and in accordance with our instructions.
If you sign up for a One-to-one session with a Counselor, you understand and acknowledge that we will provide the Counselor you selected with your identification and contact data, for him/her to connect with you. We will not share with the Counselor any data we may have about you, unless you expressly ask us to do so.
Data retention. We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including (a) the performance of the contract with registered users and (b) for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. Generally speaking, we will retain your personal data for the period of your subscription (in active format) and 5 years thereafter (blocked), for legal and/or administrative purposes. After that period, we will destroy the data.
Anonymised data for statistical purposes. For the purpose of improving our services and providing sector/segment reports, we may anonymise your Registration Data and certain generic Usage Data and store and process this data on an anonymous basis, even after your account has been closed, indefinitely. The principal purpose is to analyse on an aggregated non-identifiable basis how our Services are used, measuring their effectiveness, and providing general customer service. We may also provide this data (or parts of it) on a fully anonymous aggregate basis to third party business partners, including for conducting academic research and surveys or commercial analytics, and to publish periodic sector or segmented information and reports about behaviour patterns and tendencies.
3. International transfers of data
We use third party technological services for the provision of our Services, whose providers may process your personal data as sub-processors. These entities may be in jurisdictions that generally don’t provide adequate safeguards in relation to the processing of personal data. However, according to applicable privacy laws, we have entered into contracts that do include such safeguards required by the applicable data protection law with the providers indicated below that are located in the USA:
- RevenueCat (USA): used for In-App subscription management.
- Google Cloud (USA), used to store our customers’ database and for backend services.
For more information about our service providers that carry out international data transfers, please contact info@diliteracy.com.
4. Data Security
We have adopted technical and organizational measures to preserve and protect your personal information from unauthorized use or access and from being altered, lost or misused, taking into account the technological state of art, the features of the information stored and the risks to which information is exposed. In case of a security breach, we will take the appropriate measure and will notify you electronically in a timely manner.
5. Data subject’s rights
In accordance with the applicable data protection law, you have the right to:
- Request access: to your personal data (commonly known as a "data subject access request" or a “right to know”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
- Request correction: of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
- Request erasure: of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
- Object to processing: of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights.
- Request restriction of processing: of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data's accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
- Request the transfer: of your personal data to you or to a third party (known as “data portability”). We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
- Withdraw consent at any time: where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
File a Complaint to the supervisory authority: You have the right to file a complain to the Agencia Española de Protección de Datos (AEPD) sita en la Calle Jorge Juan,6, 28001 Madrid (www.aepd.es) if you consider that we are violating the data protection and privacy applicable laws. Before contacting with the AEPD, please do not hesitate to contact with us at info@diliteracy.com, we will be happy to discuss our data protection practices with you and clarify any doubts you may have. To exercise your rights, please contact us at info@diliteracy.com or sending a letter at Digital Literacy SL, Roger de Flor 193, bajos, 08013, Barcelona, Spain.
Exercising Your Rights
To exercise your rights described above, please submit a request by either:
Emailing us at dpo@qustodio.com; or
Submitting a support request within the Services.
Only you, or someone legally authorized to act on your behalf, may make a request to know or delete related to your personal information. To designate an authorized agent, please submit a request by emailing us at info@diliteracy.com.
You may only submit a request to know twice within a 12-month period. Your request must:
- Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative, which may include, but is not limited to:
(a) contact information associated with the account;
(b) the user profile name;
(c) the name of one or more devices associated with your account;
(d) technical information (e.g., model ID, serial number, IMEI code, operating system, etc.); or
(e) any other piece of personal information we determine in our sole discretion to be sufficient for verifying your identity to a reasonable degree of certainty.
- Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you.
You do not need to create an account with us to submit a request to know or delete. However, we do consider requests made through your password protected account sufficiently verified when the request relates to personal information associated with that specific account.
We will only use personal information provided in the request to verify the requestor's identity or authority to make it.
Response Timing and Format
We endeavor to substantively respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time (up to another 45 days), we will inform you of the reason and extension period in writing.
If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option.
Any disclosures we provide will only cover the 12-month period preceding our receipt of your request. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.
We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
Non-Discrimination
We will not discriminate against you for exercising any of the rights described above, and we will not:
- Deny you goods or services.
- Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
- Provide you a different level or quality of goods or services.
- Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.
6. Commercial Communications.
If you provide us with your consent, you will receive electronic commercial communications including alerts, notices, newsletters, offers and promotions, related to Migiri and other Digital Literacy’s services. If you do not wish to receive such information you can expressly opt out by our commercial communications by clicking “unsubscribe” in one of our emails or by sending a notification to info@diliteracy.com.
7. General.
We may amend this Privacy Policy as required to adapt it to future legislative or case law developments. We will notify you by posting a clear notice of these changes on our website, platform and in this Privacy Policy. Unless a specific local regulation of mandatory application provides otherwise, the Privacy Policy is governed by the laws of Spain.
B. DIGITAL LITERACY PROCESSING COMPANIONS’ DATA AS DATA PROCESSOR
When you register and create an account on the Migiri App, you can indicate the name and email address of the person you want our Service to notify of your progresses and/or updates on your journey, the Companion. You can modify the Companion or delete it at any time. We, as data processor under GDPR, process the Companion Data under your instructions, while you act as data controller under GDPR. This means that you are in control of this data: you determine if we process the Companion data or not. Therefore, our processing of the Companion data on your behalf is governed by the terms of this Section B.
1. Object and Term.
The purpose of this Section B is to regulate the processing of the Companion data indicated below. The term of validity of this Section B is established by virtue of your subscription with Migiri.
2. Warranty and Indemnity.
You, as the person responsible for the Companion data that we process on your behalf as data processor for the provision of the Services, represent and warrant to us that you have all the appropriate informed consents from each and every data subjects whose personal data are submitted to us in the course of the provision of the Services or collected and transmitted to us by the Software. You agree to indemnify and keep us harmless from all claims, damages and losses we may suffer relating to or arising out of the processing of Companion data and other third-party personal data submitted to our systems during the course of use and provision of the Services.
3. Your use of User Data.
As Data Controller, you warrant that you have the appropriate authority to provide us with the Companion data and You will not submit to the Services any personal data relating to any individual under 18, nor any individual that has not authorized such processing. You will protect the confidentiality of any accessible User Data and prevent access by or disclosure to any unauthorized third person.
4. Service Configuration and data processing instructions.
You are responsible for indicating us the data of the Companion. You are not obliged to indicate a Companion, but if you do, this constitutes an instruction for us to process the Companion data on your behalf, to provide you with the Services. Such Companion data will be under your responsibility, with the Company acting as data processor in accordance with this Privacy Policy.
5. Retention
We store the Companion data until you delete it, or until you delete your Migiri profile.
6. Rights and responsibilities of Digital Literacy as Data Processor.
As established in the applicable laws and regulations, Digital Literacy shall:
a) Process Companion data only on the basis of documented instructions from You, including transfers of Companion data to a third country or international organization, unless otherwise required to do so under Union law or applicable Member State law; In such case, Digital Literacy will inform You of that legal requirement prior to the processing, unless otherwise prohibited by such law or in the public interest.
b) Ensure that the persons authorised to process Companion data have undertaken to respect confidentiality or are subject to an obligation of confidentiality of a statutory nature.
c) Take all appropriate technical and organisational measures to ensure a level of safety appropriate to the risk of processing.
d) Respect the conditions for having recourse to another data processor, as established in the current legislation on protection of personal data.
e) Assist You, taking into account the nature of the processing, through appropriate technical and organisational measures, whenever possible, so that it can comply with its obligation to respond to requests for the exercise of the rights of the data subjects, here the Companion.
f) Assist You in ensuring that You comply with your obligations, taking into account the nature of the processing and the information that is available to Digital Literacy.
g) At Your choice, either destroy or return all personal data once the processing services have been completed, and destroy any existing copies unless the retention of personal data is required under Union or applicable Member State law.
h) Make available to You all information necessary to demonstrate compliance with the obligations established in herein, as well as to allow and contribute to the performance of audits, including inspections.
i) Process the Companion data placed at the disposal of Digital Literacy in a way that ensures that the personnel in charge follows Your instructions.
j) Ensure that the Privacy Manager is involved in an adequate and timely manner in all matters relating to the protection of Companion data.
k) Adhere to a Code of Conduct that is approved by the European Commission or other competent authority, if applicable.
l) Keep a record of processing activities in the case of processing personal data that may pose a risk to the rights and freedoms of the data subject and / or in a non-occasional manner, or which involves the processing of special categories of data and / or data relating to convictions and infractions.
7. Data subjects’ exercise of their rights.
If the Data Subjects (Companions) address a request or exercises any of the rights established in the General Data Protection Regulation, the Client and / or Digital Literacy must provide the information requested and perform any required actions, without delay and, at the latest, within one month from receiving the request, which may be extended for a further two months if necessary, taking into account the complexity of the application and the number of applications.
Similarly, in the event that the Client and / or Digital Literacy do/es not proceed with the request of the Companion, he/she shall inform the latter without delay, and no later than one month after receipt of the request, shall provide the Device user with the reasons why he/she/they has/ve not acted and inform the Companion of his/her right to file a complaint before a competent authority and to file a judicial appeal. The response to the Companion’s request shall be made in the same format as that used by the person concerned, unless he/she requests that it be done otherwise.
8. Subcontracting.
Digital Literacy may subcontract some IT services and/or give access to Companion data to third party service providers, if it is necessary for the proper provision of the Service. For this purpose, You hereby expressly authorise Digital Literacy to subcontract the entities indicated in Appendix 1. Digital Literacy ensures a contract exists with each third-party subcontractor, that is sufficient to require the subcontractor to process Companion data in accordance with the applicable data protection laws and the Your instructions.
9. International transfer of data.
International transfers of Companion data may only be performed if the requirements of national and/or European laws and regulations that regulate them, are met. User Data about users located outside the EU may be transferred to our servers located in Spain Digital Literacy uses third party technological services for the provision of Services, these entities may be in jurisdictions that generally don’t provide adequate safeguards in relation to the processing of personal data. However, we have entered into contracts with such entities that do include such safeguards, including the EC model clauses. See Section A.3 above and the Appendix 1 below for a list of these entities. For more information, please contact info@diliteracy.com.
10. Security breach of the personal data.
Insofar as there exists an instruction from a competent supervisory authority, a development of a national legislation or a delegated act, in the event of a security breach of the personal data, Digital Literacy shall notify You and the competent supervisory authority of such breach without undue delay, and if possible, no later than seventy-two (72) hours after it happened.
11. Termination, resolution and expiration.
In the event of termination, resolution or expiration of the contractual relationship for the provision of services hereunder between You and Digital Literacy, the latter shall not keep the Companion data unless otherwise legally required or advisable to do so. Otherwise, upon termination, resolution or expiration, or when no longer legally required to keep the data, Digital Literacy shall destroy or return to You all personal data and any copies of it, as well as any support or other document containing any personal data. This is without prejudice to the right of Digital Literacy to continue process Companion data where such data is being processed by Digital Literacy or for the defense of its legal interests.
12. Changes to Our Privacy Policy
We reserve the right to amend this privacy policy at our discretion and at any time. When we make changes to this privacy policy, we will post the updated notice on the Service and update the notice's effective date. Your continued use of the Service following the posting of changes constitutes your acceptance of such changes.
Appendix 1 – Details of Processing
Details of Processing
- Categories of Data Subjects: Third parties whose data are provided by users (“Companion”)
- Type of personal data: name and email address
List of third parties accessing the Companion data
- Google Cloud (USA), used to store the database and backend services
- SendGrid (USA), used to send emails