"Migiri" is a registered trademark of Digital Literacy S.L.U.
Digital Literacy SLU ("Digital Literacy", the "Company", or "we/us") is committed to respecting and protecting the privacy of its users ("You", or the "User"). This Privacy Policy explains our practices regarding the use of personal data collected and processed through our service/app Migiri (the "Service", or "App"). This Privacy Policy integrates our conditions of use of our Service.
Summary
Digital Literacy processes two types of personal data in relation to the Service: (1) your data, as identified below, for which it is responsible (as Data Controller, as defined under the EU's General Data Protection Regulation (GDPR), or as a business as defined under the California Consumer Privacy Act (CCPA), and (2) the data of your Companion, as defined below, for which you are responsible (as Data Controller as defined under GDPR), while Digital Literacy acts as Data Processor (as defined under GDPR or as a service provider as defined under CCPA).
- Your account and contact data are used for managing our relationship with you, including activation, support, invoicing, and upselling. This is described in Section A of the policy.
- Your Companion's data is processed on your behalf, for providing the oversight and monitoring services through the control panel. This is described in Section B of the policy.
You are responsible for the configuration and use of the control panel and the processing of personal data associated with your account which includes, among others, collecting, storing, and analysing personal data that you make available to us. You can change those configurations and provide instructions to limit and/or erase any data collected within the control panel.
The Services are designed for use by adults only, and we do not knowingly collect personal information directly from children under the age of 18.
Both Digital Literacy and you agree to comply with this Privacy Policy.
A. DATA PROCESSED BY DIGITAL LITERACY AS DATA CONTROLLER
Please note that this Section does NOT regulate the processing of the data of the so called "Companion" (that is, the person, chosen by you, that will receive notifications and messages about your progresses on your journey with Migiri) by Digital Literacy in its capacity as Processor, which is regulated by Section B attached.
1. Data Controller
The Data Controller is Digital Literacy SLU, domiciled at Roger de Flor 193, bajos, 08013, Barcelona, Spain. You can contact us by writing an email to: info@diliteracy.com
2. Data collection by the Company through the Services
Data Collection. Digital Literacy will collect and process as data controller the following personal data through the Services:
- Registration. If you're an iOS or macOS user, on registering for our Services, we will only collect your AppleID alias. If you're not an iOS or macOS user, we will collect the following personal data: name, surname, email address and telephone. This data is mandatory and if it is not provided, an account cannot be created.
- Usage Data. When you use the Migiri app, we track your network activity, meaning that we track the domains of the websites you visit and we classify them. If the website is classified as "adult content", we only keep the following information: the date and time you visited an adult content website. We do not keep record of the specific websites you visited nor your activity on those webs.
- Payments Data. Our payment providers collect certain payment data which are processed according to their terms and privacy policy which is provided to you during the payment process. Currently we are using Apple Store's payment service, but we may contract further payment gateways, and their conditions will be provided to you during the payment process.
- Information about your device. Due to the communications standards on the internet, when you visit our App we automatically receive the domain name of the site from which you came and the site to which you are going when you leave the site. We also receive the internet protocol ("IP") address of your computer and the type of web browser you are using. We use this information to analyse overall trends and to help improve the service. This information is not shared with third parties without your permission.
- Questionnaires data. Upon filling in the questionnaires you can find in our App, you will provide us with the answer to our questions. This information is not shared with third parties without your consent.
- One-to-one Sessions booking data. If you decide to sign up for a one-to-one Session, we will only collect the information about the Counselor you selected. We will not receive any data nor information about you from the Counselor.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
Information we Collect and purposes for processing and legal basis. We collect information that identifies, relates to, describes, references, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with you ("personal information"). Personal information does not include:
- Publicly available information from government records.
- Deidentified or aggregated consumer information.
We have collected the following types of personal data/information from our registered users as described below within the past twelve months. The personal data we collect about you are used for the purposes indicated below, thanks to the application of the following legal basis.
| Data | Purpose for processing | Legal Basis |
|---|---|---|
| Registration Data | Providing you with the Migiri service, provide you with customer service, and sending email notifications. | Performance of the contract (our terms of service) with you |
| Registration Data | Sending you our newsletter and communications about the Services, products and novelties | Consent |
| Registration Data | Ensure you comply with our terms of service and comply with legal obligations | Comply with a legal or regulatory obligation |
| Usage Data | Provide you with the Migiri service | Performance of the contract |
| Payment Data | Process the payment of our Services | Performance of the contract |
| Device Information | Improve the quality of our services | Legitimate interest |
| Questionnaires data | Better understand our Users and provide customized advices | Consent |
| Sessions booking data | Connect the Migiri User with the Counselor | Performance of the contract |
We obtain the categories of personal information listed above from the following categories of sources:
- Directly from you. For example, from forms you complete or features of the Service you interact with.
- Indirectly from you. For example, from observing your actions within the Service.
Generally, we do not rely on consent as a legal basis for processing your Registration Data other than in relation to sending own marketing communications to you via email or text message. However, for transparency and clarity, we ask you to provide this consent, which is given by you on registering your account. You have the right to withdraw consent at any time by contacting us at info@diliteracy.com.
Service optimisation. We may process information on an aggregated non-identifiable basis for establishing user general attributes and profiles and share such anonymous information with third party service providers to help improve or promote our service.
Disclosure. We treat your personal data with strict confidentiality in accordance with applicable law. However, we shall disclose any information about you or your use of our Services: (i) in compliance with a legal obligation, (ii) in order to correctly deliver our Services, (iii) in the event of a sale or change of control of the Company; or (iv) to our service providers that provide us a service in relation to the data.
If you sign up for a One-to-one session with a Counselor, you understand and acknowledge that we will provide the Counselor you selected with your identification and contact data, for him/her to connect with you.
Data retention. We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for. Generally speaking, we will retain your personal data for the period of your subscription (in active format) and 5 years thereafter (blocked), for legal and/or administrative purposes. After that period, we will destroy the data.
3. International transfers of data
We use third party technological services for the provision of our Services, whose providers may process your personal data as sub-processors. These entities may be in jurisdictions that generally don't provide adequate safeguards in relation to the processing of personal data. However, according to applicable privacy laws, we have entered into contracts that do include such safeguards required by the applicable data protection law with the providers indicated below that are located in the USA:
- RevenueCat (USA): used for In-App subscription management.
- Google Cloud (USA): used to store our customers' database and for backend services.
For more information about our service providers that carry out international data transfers, please contact info@diliteracy.com.
4. Data Security
We have adopted technical and organizational measures to preserve and protect your personal information from unauthorized use or access and from being altered, lost or misused, taking into account the technological state of art, the features of the information stored and the risks to which information is exposed. In case of a security breach, we will take the appropriate measure and will notify you electronically in a timely manner.
5. Data subject's rights
In accordance with the applicable data protection law, you have the right to:
- Request access: to your personal data (commonly known as a "data subject access request" or a "right to know"). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
- Request correction: of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected.
- Request erasure: of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it.
- Object to processing: of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground.
- Request restriction of processing: of your personal data. This enables you to ask us to suspend the processing of your personal data in certain scenarios.
- Request the transfer: of your personal data to you or to a third party (known as "data portability").
- Withdraw consent at any time: where we are relying on consent to process your personal data.
- File a Complaint: to the supervisory authority. You have the right to file a complaint to the Agencia Española de Protección de Datos (AEPD) at Calle Jorge Juan, 6, 28001 Madrid (www.aepd.es).
To exercise your rights, please contact us at info@diliteracy.com or sending a letter at Digital Literacy SL, Roger de Flor 193, bajos, 08013, Barcelona, Spain.
6. Commercial Communications
If you provide us with your consent, you will receive electronic commercial communications including alerts, notices, newsletters, offers and promotions, related to Migiri and other Digital Literacy's services. If you do not wish to receive such information you can expressly opt out by clicking "unsubscribe" in one of our emails or by sending a notification to info@diliteracy.com.
7. General
We may amend this Privacy Policy as required to adapt it to future legislative or case law developments. We will notify you by posting a clear notice of these changes on our website, platform and in this Privacy Policy. Unless a specific local regulation of mandatory application provides otherwise, the Privacy Policy is governed by the laws of Spain.
B. DIGITAL LITERACY PROCESSING COMPANIONS' DATA AS DATA PROCESSOR
When you register and create an account on the Migiri App, you can indicate the name and email address of the person you want our Service to notify of your progresses and/or updates on your journey, the Companion. You can modify the Companion or delete it at any time. We, as data processor under GDPR, process the Companion Data under your instructions, while you act as data controller under GDPR. This means that you are in control of this data: you determine if we process the Companion data or not.
1. Object and Term
The purpose of this Section B is to regulate the processing of the Companion data indicated below. The term of validity of this Section B is established by virtue of your subscription with Migiri.
2. Warranty and Indemnity
You, as the person responsible for the Companion data that we process on your behalf as data processor for the provision of the Services, represent and warrant to us that you have all the appropriate informed consents from each and every data subjects whose personal data are submitted to us in the course of the provision of the Services.
3. Your use of User Data
As Data Controller, you warrant that you have the appropriate authority to provide us with the Companion data and You will not submit to the Services any personal data relating to any individual under 18, nor any individual that has not authorized such processing.
4. Service Configuration and data processing instructions
You are responsible for indicating us the data of the Companion. You are not obliged to indicate a Companion, but if you do, this constitutes an instruction for us to process the Companion data on your behalf, to provide you with the Services.
5. Retention
We store the Companion data until you delete it, or until you delete your Migiri profile.
6. Rights and responsibilities of Digital Literacy as Data Processor
As established in the applicable laws and regulations, Digital Literacy shall:
- Process Companion data only on the basis of documented instructions from You.
- Ensure that the persons authorised to process Companion data have undertaken to respect confidentiality.
- Take all appropriate technical and organisational measures to ensure a level of safety appropriate to the risk of processing.
- Assist You in ensuring compliance with your obligations.
- At Your choice, either destroy or return all personal data once the processing services have been completed.
- Make available to You all information necessary to demonstrate compliance with the obligations established herein.
7. Data subjects' exercise of their rights
If the Data Subjects (Companions) address a request or exercises any of the rights established in the General Data Protection Regulation, the Client and/or Digital Literacy must provide the information requested and perform any required actions, without delay and, at the latest, within one month from receiving the request.
8. Subcontracting
Digital Literacy may subcontract some IT services and/or give access to Companion data to third party service providers, if it is necessary for the proper provision of the Service. Digital Literacy ensures a contract exists with each third-party subcontractor, that is sufficient to require the subcontractor to process Companion data in accordance with the applicable data protection laws.
9. International transfer of data
International transfers of Companion data may only be performed if the requirements of national and/or European laws and regulations that regulate them, are met. We have entered into contracts with such entities that do include such safeguards, including the EC model clauses.
10. Security breach of the personal data
In the event of a security breach of the personal data, Digital Literacy shall notify You and the competent supervisory authority of such breach without undue delay, and if possible, no later than seventy-two (72) hours after it happened.
11. Termination, resolution and expiration
In the event of termination, resolution or expiration of the contractual relationship, Digital Literacy shall not keep the Companion data unless otherwise legally required. Upon termination, Digital Literacy shall destroy or return to You all personal data and any copies of it.
12. Changes to Our Privacy Policy
We reserve the right to amend this privacy policy at our discretion and at any time. When we make changes to this privacy policy, we will post the updated notice on the Service and update the notice's effective date. Your continued use of the Service following the posting of changes constitutes your acceptance of such changes.
Appendix 1 – Details of Processing
Categories of Data Subjects: Third parties whose data are provided by users ("Companion")
Type of personal data: name and email address
List of third parties accessing the Companion data:
- Google Cloud (USA), used to store the database and backend services
- SendGrid (USA), used to send emails