Especially important in this document are the following definitions:
means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
means Personal Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation (Special categories of Personal Data).
Responsible for the processing of your Personal Data is:
Natural Cycles Nordic AB
111 37 Stockholm, Sweden
Data Protection Officer
The Personal Data we process is mainly the information you have provided us with when registering a user Account and using our services. We do not obtain any information from any other sources.
When you register a user Account and use our services, among the Personal Data we collect from you are: your email address, first and last name, height, weight and date of birth. We may also, after you have given your explicit consent, collect Sensitive Data linked to your reproductive health including, but not limited to, if you are planning a pregnancy as well as your recent use of hormonal contraception, body temperature, menstruation cycle, intercourse history, ovulation test results and pregnancy test results. The services can also request to get access to your phone’s sensors. We will collect data based on how you interact with our services. This helps us understand how to improve our user experience.
We may send you newsletter emails about our services, products from the Webshop, and other updates. You have the option to unsubscribe from the newsletter inside the emails.
We use your Personal Data for the following purposes:
1. To provide you with our services
We use Personal Data and Sensitive Data given by you, as explained above, in order to provide you with our services, app for reproductive health, contraception and planning a pregnancy.
We retain your data for this purpose for the duration of our agreement with you and up to 60 months thereafter.
Legal basis: Consent
2. To follow up on your use of our services and the functionality of our services, and administer our agreement with you
We use Personal Data such as your name, email address, and how you use our services in order to follow up on your use of our services and functionality of our services.
We use data such as your name and email address in order to administer our agreement with you. This includes when you are in need of customer support.
We retain your data for this purpose for the duration of our agreement with you and up to 6 months thereafter.
Legal basis: fulfilment of our agreement with you. Legitimate interest, as we assess that our interest of following up on your use of our services and the functionality of our services is not overridden by your interest of your privacy.
3. To inform you of or follow up on possible medical issues
We use Personal Data and Sensitive Data given by you, and data such as how you use our services in order to re-optimise the algorithm of our services. We store your data for this purpose for as long as you have given and not withdrawn your consent to our processing for this purpose.
Legal basis: Consent.
We use Personal Data such as your name and email address in order to send you a newsletter regarding our Webshop, products, services and other updates. We may store your data for this purpose for the duration of our agreement with you and up to 6 months thereafter. Please note that you always have the right to opt-out of receiving the newsletter or direct marketing from us.
Legal basis: Legitimate interest, as we assess that our interest of marketing our Webshop, products, services and other updates is not overridden by your interest of protection of your privacy.
5. To safeguard our legal interests
We may use Personal Data such as your name, email address, and your use of our services in order to defend, establish or exercise any legal claim, regarding e.g. payment. We may store your data for as long as necessary to defend, establish or exercise a legal claim in case of a dispute regarding e.g. payment.
Legal basis: Legitimate interest, as we assess that our interest in safeguarding our legal interests is not overridden by your interest of protection of your privacy.
6. To fulfil our legal obligations
We may use your data in order to fulfil our legal obligations. We store your data for this purpose for as long as we are legally required, e.g. financial bookkeeping (7 years).
Legal basis: Compliance with a legal obligation.
Personal Data collected from Apple HealthKit will not be used by Natural Cycles for marketing activities and advertisement. Natural Cycles will not share your Personal Data with third parties except for those companies we use for processing the data. We may disclose your Personal Data in order to comply with a legal or regulatory obligation, if we reasonably believe that this is required by law, regulation or other legislation, or in order to protect and defend Natural Cycles, our business partners or users’ rights and interests.
When you provide us with Personal Data to complete a transaction, verify your credit card, place an order, arrange for a delivery or return a purchase in the Webshop, you consent to Natural Cycles collecting it and using it for that specific reason only.
By registering a user Account with us or using our services you consent to Natural Cycles using your Personal Data in order to provide you with the service, administer your account, follow up on your use of our services, follow up on the functionality of the service, and to improve our service. This include, but is not limited to, process and analyse your Personal Data linked to your reproductive health or condition in order to inform you of or follow up on possible medical issues, e.g. unwanted pregnancy or difficulties becoming pregnant, reaching out to you via in app message or via a Natural Cycles support agent, and to fulfil reporting obligations pursuant to medical device regulations or other applicable regulatory requirements.
In order to respond to user support inquiries or technological issues or problems, a Support Agent might be required to access your Personal Data, which will be conducted in a controlled manner. By submitting a user inquiry through our support portal or directly to the support email, you give your consent that a support agent can access your Personal Data for the purpose of responding to your support inquiry. In the case that you do not consent to this, you need to formally state this in the support inquiry.
Please be aware that if you unsubscribe from our mailing list you will still receive answers to your questions sent to our support agent but you will not be receiving promotional emails.
The security and integrity of your Personal Data is important to us. Therefore, we use generally accepted industry standards, technologies and procedures, such as firewalls, security software etc., in order to protect the integrity of your Personal Data and to prevent any unauthorised access. However, no system can be 100% secure and despite our efforts, there is always a risk of unauthorised access to your Personal Data. By using our services, you assume this risk.
If you share any of your Personal Data added to your user account to any third person (e.g. a partner) you accept and agree that you have done so at your own responsibility. Natural Cycles will be in no way responsible for any unauthorised release of Personal Data from your user account unless such information is released on purpose or by gross negligence by Natural Cycles or any of its employees.
Natural Cycles is responsible for answering your request to exercise your rights within one month from our receipt of your request. If your request is complicated, or if we have received a large extent of requests, we are entitled to prolong our response period with two additional months. If we assess that we cannot perform the actions you have requested, we will within one month explain why and inform you about your right to lodge a complaint with the data protection authority.
All information and communication, and all actions we carry out, is at no cost for you. If the action you request is manifestly unfounded or excessive, we are entitled to charge you an administrative fee to provide you with the requested information or carry out the requested action, or refuse to meet your request. An application shall be made in writing and should be sent from the email address that was used to register your personal user account with a description of your request. We may request you to use the email address of your personal user account in order for us to verify your identity.
If you withdraw your consent to our processing of your data or object to us using your Personal Data for any purpose for which we assess that we have a legitimate interest, you may not be able to use our services how they are intended to be used.
You have the right to request:
1. Access to your Personal Data
This means that you have the right to request an abstract from our data record regarding our use of your Personal Data. You also have the right to request a copy of the personal information being processed at no cost. However, we may charge you a reasonable administrative fee to provide you with additional copies of the Personal Data. If you make your access request by electronic means such as email, we will provide you with the information in a commonly used electronic format.
2. Rectification of your Personal Data
We will at your request, or at our own initiative, rectify, anonymise, erase or complement Personal Data that you or we discover is inaccurate, incomplete or misleading. You also have the right to complement the Personal Data with additional data if relevant information is missing.
3. Erasure of your Personal Data
You have the right to request that we erase your Personal Data if we do no longer have an acceptable reason for processing the data. Given this, erasure shall be made by us if:
However, there might be requirements under applicable law, or other weighty reasons, that entail in that we cannot immediately erase your Personal Data. In such case, we will stop using your Personal Data for any other reasons than to comply with the applicable law, or the relevant weighty reason.
4. Right to restrict processing
At Natural Cycles, we will take all reasonable and possible actions to notify any recipients of your Personal Data as set out in the section “Our use of your Personal Data” above regarding any rectification, erasure or restrictions carried out by us. At your request, we will also inform you of which third parties we have shared your Personal Data with.
You have the right to object to such processing of your Personal Data based upon our legitimate interest (please see section “Our use of your Personal Data” above). If you object to such processing, we will only continue with the processing if we have a compelling legitimate reason for the processing that outweighs your interest, rights or freedoms, or unless continued processing is necessary for the defence, establishment or exercise of a legal claim.
If you do not want Natural Cycles to process your Personal Data for direct marketing, you always have the right to object to such use by getting in contact with us. When have received your objection to processing for this purpose we will immediately cease to process your Personal Data for this marketing purpose.
You have the right to receive certain of your Personal Data in a structured, commonly used and machine-readable format and have the right to transmit those data directly to another controller where technically feasible. You only have this right when your Personal Data is processed by automated means and our legal basis for the processing is performance of a contract between you and Natural Cycles. This means e.g. that you have the right to receive and transfer all of the Personal Data that you have provided us with to create your user Account.
You have the right to lodge any complaints regarding our processing of your Personal Data with the data protection authority.
These cookies are necessary for the sites, services and Webshop to function. They are usually only set in response to actions made by you which amount to a request for services, such as logging in, keep track of items added to the cart or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the sites, services and Webshop will not work without cookie access. These cookies do not store any personally identifiable information.
These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our sites, services and Webshop. They let us know which pages are the most and least popular and see how visitors move around the sites and Webshop. All information that these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies, we will not know when you have visited our site and Webshop and will not be able to monitor Natural Cycles’ performance.
These cookies enable the sites, services and Webshop to provide enhanced functionality and personalisation. They may be set by Natural Cycles or by third party providers whose services we have added to our sites, services and Webshop. If you do not allow these cookies, some or all of these services may not function properly.
Marketing cookies are used to track visitors across websites. The intention is to display ads that are relevant and engaging for the individual user.
“Anonymised Information” is information which does not relate to an identified or identifiable natural person or to Personal Data rendered anonymous in such a manner that the data subject is not or no longer identifiable. Each user of the services grants Natural Cycles and its affiliates, sublicensees, partners, designees, and assignees of the services (collectively the “Natural Cycles Licensees”) a non-exclusive, royalty-free, sub-licensable, and transferable right to use, reproduce, distribute, modify, adapt, prepare derivative works of, publicly display, publicly perform, communicate to the public, and otherwise utilise and exploit a user’s Anonymised Information and anonymised information about a user’s use patterns of the services: (a) to improve the services or the functionality of the site or Webshop; and (b) for clinical studies and aggregated research, including, but not limited to, scientific research that may be undertaken by third parties who wish to study data collected by Natural Cycles. For clarification, Natural Cycles Nordic AB regularly uses Anonymised Information for the purpose of clinical studies and for the purpose of compiling data for scientific articles, conferences, books etc.
If you choose a direct payment gateway to complete your purchase, then Shopify stores your credit card data. It is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS).
All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of credit card information by Natural Cycles Webshop and its service providers.
Certain third party service providers, such as payment gateways and transaction processors, have their own privacy policies in respect to the information we are required to provide to them for your purchase-related transactions. For these providers, we recommend that you read their privacy policies so you can understand the manner in which your Personal Data will be handled by these providers.
Certain providers may be located in or have facilities that are located in a different jurisdiction than either you or Natural Cycles. If you elect to proceed with a transaction that involves the services of a third party service provider, your information may become subject to the laws of the jurisdiction(s) in which that service provider or its facilities are located.
Latest update: 18 May 2018