This Policy also applies to any other products, services, or platforms we may provide or make available to you from time to time, as well as your general dealings with us – including through our website and any other on-line or mobile platforms (“Services”).
Here at Bighead Techies we take your privacy and the processing of your personal data very seriously. Therefore, we have prepared this Privacy Notice where we describe our contact details, information regarding what personal data we process and what rights you have towards us and how you may defend them. Always feel free to contact our customer support ( Refer Contact Details to the Controller) if you have any questions about our processing of personal data or this Privacy Notice.
By using our Daybook app or any of our other Services, you agree to this Policy. Once agreed, this Policy is legally binding on both parties.
Occasionally we may need to change this Policy and terms of services. By continuing to use our Daybook app or the Services after that date, you agree to the revised Policy. Otherwise, you are free to close your Daybook account(see “Closing your Account” below).
What is personal data?
“Personal data” is any information relating to an identifiable or identified person (you as a user). An identifiable person is someone who can be identified, directly or indirectly, for example by reference to an identification number or to one or more factors specific to his or her physical, physiological, mental, economic, cultural or social identity.
The processing of special categories of data, defined as personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, and data concerning health or sex life, is prohibited, subject to certain exceptions.
Personal data which we handle
Your personal data may only be processed by us with your given consent, when it is necessary for the performance of a contract to which you are a party, or when it is necessary for our compliance with a legal obligation. The processing of the personal data, the specific purposes for the processing, the legal basis for the processing, and for how long we store your personal data, is described below.
Your name may be processed by us when you sign up to the app. It may also be stored by us when you write it in your diary posts. The processing is based on your consent and will be kept by us for as long as you have an account and 180 days thereafter, or when you erase such diary posts containing your name.
To enable login and for creating an identity in our system, we process your email address, which may also be used for support and marketing purposes when you explicitly consent to such processing. Signing up is optional for our app, which means that any processing of your email address is based on your consent. Your email address will be kept with us until you delete your account and 180 days thereafter.
For further authentication and login purposes, as well as for support purposes, we may process your phone number. As it is optional for you to provide your phone number, the processing is based on your consent. Your phone number will be kept with us until you delete your account and 180 days thereafter.
Home address and location
You as a user can optionally toggle whether to map locations of your diary entries. If you chose to activate such mapping, we may, based on your consent, process your location, whereby your home address might become visible depending on your usage. Your approximate location will also be processed by us on an anonymous basis for analytic purposes. Such personal data will be stored by us until you withdraw your consent, or until 180 days after you delete your account.
If you chose to upgrade your accounts subscription, we may process your payment details as it is necessary for our performance of a contract where you are a party. Such payment details will be kept with us until you terminate your upgraded subscription.
Date of birth
For analytics purposes, we will on an anonymous basis process your age, as it is necessary for legitimate interests for us. Your age will then be kept securely by us until your account is deleted and 180 days thereafter.
Other information in diary entries
Depending on if you decide to include any personal data in your diary entries, such personal data will be processed by us by being stored on our cloud database. We will not share such information with any third party. This processing is based solely on your consent. The personal data will be kept until you delete the diary entry, or 180 days after you delete your account. This information will include the below, and any other categories of personal data which you will write about:
- Professional and work details
- Profiling details (including level of education, occupation, photos and images, annual/monthly income, gender, marital status and physical characteristics)
- Criminal convictions and offences
- Trade union membership
- Religious or philosophical belief
- Sex life
- Sexual orientation
- Political opinion
- Health status
- Day to day life
Deletion after inactivity
We keep your information for no longer than necessary for the purposes for which it is processed. The length of time for which we retain information depends on the purposes for which we collected and use it and/or as required to comply with applicable laws.
- - - - - - - - - - - - - - - - - - - - - - - - - - - -
Summary of your rights towards us:
You as a user have the possibility to claim several rights towards us. Such rights are listed here and thereafter described in detail below. You find our contact details at the top of this Privacy Notice.
- Right to be forgotten
- Right to withdraw consent
- Right to access
- Right to rectification
- Right to restriction of processing
- Right to data portability
- Right to object
Right to be forgotten
You have the right to request that we delete any personal data that we process about you. We will delete the data as soon as possible, but at least within one month’s time. If the personal data is needed for fulfillment of our contractual duties towards you or to preserve it with legal ground, we will however not delete the information until the data is no longer needed. We will also, without your explicit demand, delete such personal data that we have collected but do not longer have a lawful right to process. We will inform you about this, if it would occur.
Right to withdraw consent
You have the right to withdraw your given consent at any time. If you do so, we will erase such personal data which is not subject to any other legal ground than your given consent. The erasure will be done as soon as possible. Please note that your withdrawal of consent does not oblige us to erase personal data which is processed based on a contractual relationship or any other legal ground.
Right of access
You have, at any time, the right to receive confirmation from us as to whether personal data concerning you are being processed. You have also the right to access that personal data and to receive the following information:
- The purposes of the processing
- The categories of personal data concerned
- The recipients or categories of recipients to whom personal data have been or will be disclosed
- The envisaged period for which the personal data will be stored or the criteria used to determine that period
- The existence of automated decision-making and profiling
Right to rectification
You have, at any time, the right to demand us to correct any inaccurate personal data within a month’s time. You have also the right to complete incomplete personal data, taking into account our purposes of the processing, by the means of providing a supplementary statement.
Right to restriction of processing
You have, instead of demanding us to delete any data, the right to demand us to restrict our processing of your personal data. This may be achieved if
- You have reason to believe that the accuracy of the personal data is not correct, and the restriction shall be in place during a period that allows us to verify the accuracy of the personal data
- The processing is unlawful but you don’t want us to delete the personal data
- We no longer need the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defense of legal claims
- You have objected to processing concerning profiling or automated decision-making, whereby a restriction shall be obtained during the period when we assess whether our legitimate ground for the processing override your legitimate ground.
You have the right to retrieve the personal data which we process about you and that you have provided to us. You have also the right to demand that we transmit such personal data to another data controller if the personal data is collected based on your consent or if the processing of the personal data is carried out by automated means by us, if we deem it technically feasible.
Right to object
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you. This can be done when the personal data is processed as part of automated decision-making, including profiling, and direct marketing, if such processing would be carried out (see “Personal data that we process” above).
By setting up account, you represent that you have either reached the age of 16. wIf you do not know whether you have reached the age of 16 or where you live or do not understand this section, please ask your parent or legal guardian for help before you create an account.. Please refer Children’s Privacy.
You can create a daybook dairy account for others only where you are the authorized individual-representative (a parent, guardian, or legal representative establishing a subscription for a Diary). By setting up such an account you automatically certify and agree that (i) you have this authority, (ii) we are entitled to rely of your certification as true, and (iii) you will hold us harmless from any claim by such others that you did not have authority to create a Diary for them. Subject to an agreement with our company, we will permit organizations (including not-for-profit entities) and individuals to create Diaries, set up accounts for others and encourage them to use a Diary or other Services. Whether you set up your own Diary account or one is set up for you and you agree to become a Diary user, these Terms shall apply to you and govern your relationship with us.
We reserve the right to restrict in our sole discretion who is eligible to use the Diary or our Services, or set up an account, and to reject a request to create a Diary account or close an account at any time without liability. We will only do this where we believe we have a reasonable concern or issue.
How We Share and Disclose Your Information:
Daybook Share your information in the following ways:
Service Providers. We provide access to or share your information with operations and maintenance contractors and other third parties who perform services on our behalf. They have access to perform these services but are prohibited from using your information for other purposes. They provide a variety of services to us, including billing, sales, marketing, test proctoring, product content and features, advertising, analytics, research, customer service, data storage, security, fraud prevention, payment processing, and legal services
Aggregate/Anonymous Information. From time to time, Daybook may share Aggregate/Anonymous Information about use of the Services, such as, but not limited to, publishing a report on usage trends or survey results, and other demographic information provided to us by our users. The sharing of such data is unrestricted
Business Transfers. As we continue to develop our business, we may buy, merge, partner with other companies. In such transactions, (including in contemplation of such transactions) user information may be among the transferred assets. If a portion or all of assets are sold or transferred to a third-party, customer information (including your email address) would likely be one of the transferred business assets. If such transfer is subject to additional mandatory restrictions under applicable laws, we will comply with such restrictions.
Related Entities and Affiliates. We may share information with our affiliated companies that are under the common ownership or control of Bighead Techies LLP
Except as we state in this Policy, we will not make Your Data available to anyone with whom you have not instructed or permitted us to distribute or share Your Data. Where we believe in good faith that we have a legal obligation to make that data available to the authorities, or if the threat of physical harm or other damage exists to you, our company, or someone else, we reserve the right to provide any information to the proper authorities and as needed to protect those parties from harm.
We take security very seriously and use security to ensure that Your Data is protected when it is in your Diary. When you opt to use Services which require our employees or Service Providers to have access to Your Data to perform the Services, we agree to implement procedures to protect your security and privacy. However, we cannot and do not guarantee that a breach will never occur or that Your Data will be secure and will never be misused, and you acknowledge and agree that we cannot be held responsible for any breach or unauthorised access to or use of Your Data. In Case of breach we will notify users using email or other means available.
We provide you with multiple ways to share Your Data, including, but not limited to, email, text, media other apps , social media, etc., which will not encrypt or protect Your Data during transmission. You agree that when you share Your Data using tools which do not provide the necessary encryption and other appropriate protections, that you do so knowingly, at your own risk; and we cannot be held responsible for any breach, hack, or unauthorised access to or use of Your Data.
To prevent access to your Diary by people with malicious intent, we strongly encourage you to follow best practices for a safe password, identity and personal health information management, and to not share your Diary credentials or Your Data with anyone with whom you do not have a high level of trust.
Processes and Systems / Service providers:
We use following processors/ Service providers:
- Google Firebase (Google LLC) : For utilizing storage, Analytics, Cloud Messaging, Authentication, Realtime Database, Storage, Hosting, Remote Config, Test Lab, Crash Reporting, Notifications, App Indexing, Dynamic Links, Invites
- Elastic search & Kibana: For providing search functionally and providing analytics
- Fabric and crashlytics(Google LLC) : For analytics and for troubleshooting crashes
- Facebook - For providing login service
- Onesignal - for providing push notifications/for marketing
- AWS (Amazon Web services ) -Cloud provider for storing data
- Devices(Mobile/Web)->Firebase -> Elasticsearch
- Devices(Mobile/Web)->AWS 4. Devices(Mobile/Web)->AWS
Your Diary and all of its content belong to you. You have control over your Diary and how much of Your Data you share with others. You are solely responsible for verifying the identity of those you have invited to your Diary, organisations which have created and invited you to use a Diary, and monitoring the access to and use of your Diary by those whom you, authorised others and/or organisations have invited to your Diary. We are not responsible nor liable for anyone you allow to access your Diary or use Your Data. With regard to the General Data Protection Regulation (EU) 2016/679 (“GDPR”), we must disclose what personal data we collect and process about you, and for what purposes. In this Privacy Notice, you find all such information that we are obliged to inform you.
The Regulation in its entirety in your language, may be accessed by following this link:
Would you like to defend your rights, which are listed in this Privacy Notice, you may contact us using the contact information listed below.
Closing your account:
When your account is closed, we will provide you, by a means to be determined by us in our discretion, with an electronic copy of Your Data as it then exists in your Diary. Except where you have agreed to share Your Data as set out below, we will delete all of Your Data within a reasonable period (around 60-90 days). Note that once Your Data is deleted it cannot be retrieved. We will retain system logs in relation to your Diary tracking the deletion, but not retain Your Data.
Where you have chosen to give access to Your Data to any third parties (including other Diary users) for analytical and other purposes in both anonymous and/or personally identified formats with the requirement that some or all of Your Data will not be deleted in the future, then Your Data will continue to be stored, shared and used as you have agreed.
The Daybook and our Services are intended for users who are 16 years of age and older. If we become aware that we have inadvertently received information relating to a child who is younger than 16, we will promptly delete that information from our records.
Open Source library used:
Following open source libraries are used for building daybook.
Contact Details to the Controller
Name of the company: Bighead Techies LLP
National company registration number: AAE-8393
Country of operation: India
E-mail address: email@example.com,firstname.lastname@example.org
Phone number: +918547109242
Postal address: 214, Plamoottil, Mammood, Changanacherry, Kerala, India - 686553