- EN
- JP
Privacy Policy
Effective as of 20 october 2023.
When you use ‘40weeks later’, you are trusting us with intimate personal data. We are committed to keeping that trust, which is why our policy as a company is to take steps to ensure that individual user's data and privacy rights are protected and to provide transparency about our data practices.
The purpose of our Privacy Policy is to explain what data we collect, how it is used and shared, and how you can control it.
Introduction
This Privacy Policy explains how Connect i Co.,Ltd. (“Connect i” or “we” or “us”) collects, stores, uses, transfers and shares Personal Data from our users (“you”) in connection with the ‘40weeks later’ mobile application, ‘40weeks later’ (the “App”)*, and the ‘40weeks later’ website including any products and services related to it (the "Website") (all collectively, the “Services”).
We reserve the right to and may change this Privacy Policy from time to time. If we make any material changes, we will notify you by email (sent to the email address provided when you register), through the App, or by presenting you with a new version of this Privacy Policy. If permitted by applicable law, your continued use of the Services after the effective date of an updated version of the Privacy Policy will indicate your acceptance of the Privacy Policy as modified. In some cases, you will be given a choice about whether to explicitly accept changes to the Privacy Policy. If you do not accept the terms of the Privacy Policy, please do not use the Services.
Please check the Privacy Policy posted on our Website and in the App for the latest updates on our data privacy practices.
1. Personal Data we collect from you
We collect Personal Data about you in a variety of ways. Sometimes we collect Personal Data automatically when you interact with the Services, and sometimes we collect the Personal Data directly from you. At times, we may receive Personal Data about you from other sources and third parties.
1) Personal Data you provide to us directly:
-
A. General Information
When you sign up to use the Services, we may collect Personal Data about you such as.- Email address
- Year of birth
- Password or passcode
- Nickname and photo (When using community)
- Place of residence and associated location information including time zone and language
Health and Well-being. When you sign up to use the Services, you may choose to provide Personal Data about your health and well-being such as
mode, Personal Data mode Personal Data if you select the pregnancy mode - menstrual cycle, last menstrual day, menstrual start date, menstrual end date, ovulation day
- Ovulation test date, ovulation test photo, ovulation test result
- Pregnancy test date and time, pregnancy test photo, pregnancy test result
- Schedule History of Fertility Treatment (If Fertility Treatmenty mode is selected)
- Various symptoms related to your menstrual cycle, pregnancy and health
- Other information about your health (including sexual activities), physical and mental well-being, and related activities, including personal life
if you select the pregnancy mode - weeks and days of pregnancy
- Details of your pregnancy
- ultrasound images(with fetal measurements)
- pre-pregnancy height, weight
- weight history
if you select the childcare mode - pre-pregnancy height, weight
- weight in the last weeks of pregnancy
- weight history
2) Personal Data we collect automatically:
When you access or use the Services, we may automatically collect the following information:
- A. Device Information:
- Device model
- Information about the operating system and its version
- Unique device identifiers (e.g. IDFA)
- Version of your device system
- B. Location Information
- Language
- Time zone
- C. Data about your use of the Services, including, among others:
- Frequency of use
- Areas and features of the Services that you access, visit or use;
- Engagement with particular features.
- To collect this and other information, we may use cookies and other tracking technologies.
- D. Data from external sources.
- We may receive Personal Data about you from third parties. For example, we may obtain information from third parties, to enhance or supplement existing user information, including to customize and personalize your experience and for statistical purposes and analytics, as described below.
3) Matters concerning the operation of cookies
The company uses "cookies" that store users' information and call them up from time to time to provide customized services to users.
Cookies are small amounts of information sent by the server (HTTP) used to run a website to your computer browser and can also be stored on a user's PC computer or on a hard disk within their smartphone. After users access the homepage or app, they must allow cookies to log in and use services such as member services.
The company uses cookies to find information about the ID in order to provide services that are appropriate and more useful to its users. Cookies identify the properties of the data subject's computer or smartphone device, but do not personally identify the data subject.
- A. Purpose of using cookies
It is used to provide optimized information to users by identifying the type of visit, usage, and safe accessibility of each service and website of the app visited by the user
- B. Set the use of Cookies
Users have the option of installing cookies. As a result, the user can either allow all cookies by setting options in a web browser, go through confirmation whenever they are saved, or refuse to save all cookies. By denying the cookie setting, you can allow all cookies, go through verification whenever you save them, or refuse to save all cookies by selecting the options in your web browser.
- Example of setup (for Internet Explorer) : Tools at the top of your web browser > Internet Options > Personal Information
However, if you refuse to save cookies, some services that require future login may be difficult to use.
2. How we use your Personal Data
1) We will not collect and use your Personal Data without letting you know. Depending on which features of the Services you use, we will process your Personal Data based on one or more of the following legal bases:
- A. Your consent. For example, on the registration screen when you give us permission to process your Personal Data
- B. To fulfill our contractual obligations to you in order to provide the Services to you
- C. Legitimate interest. We may process your Personal Data in relation to our interests in providing the Services to you, our commercial interests, including our interest in protecting the security and integrity of the Services, and wider societal benefits
- D. Legal obligation. We may be obligated to process some of your Personal Data to comply with applicable laws and regulations
Below we describe the purposes for which we process your Personal Data and our lawful bases for doing so, including some basic examples
Purpose of processing | Legal basis for processing | example |
---|---|---|
To support the existing functions of the App, including customization of content and materials you see when you use the App | Consent | We make automated decisions using your data to predict your future cycles or ovulation, support the health care of mothers and fetuses during pregnancy, and check the mother's weight care and the child's development during child-rearing. analyze your data to provide you new features and services, and provide certain suggested articles or materials to read |
customization of product and service offerings and making recommendations to you, including third-party products and offerings | Consent | Customized ads and We may offer you a discount for Premium service |
to provide and deliver services you request, send you related information, including confirmations and reminders | Consent | Using your device data we may send you a reminder, e.g., via push notifications, to log your symptoms to make predictions more accurate and management. You can disable this anytime in your device settings or from within the App using the consent toggle screens |
for billing (invoicing), account management and other administrative purposes, if applicable | Consent | We may send you an email containing your invoice, if applicable |
to respond to your comments, questions and requests and to provide customer service | Legitimate interest | We may process your name and email to reply to your support request or to contact you about a specific query or question you have raised |
to send you technical notices, updates, security alerts and support and administrative messages | Legitimate interest | We may send you an email notification that contains a customer satisfaction survey. You can opt-out of receiving such surveys anytime by contacting us at after10month@connect-i.co.kr |
to monitor and analyze trends, usage and activities in connection with our App | Consent | We may analyze your browsing activity in the App to understand what you like or dislike about it in order to improve your future experience |
solely with respect to information that you agree to share, for ‘40weeks later’ promotional purposes | Consent | If you give your consent, we can post your review or comment on our website or SNS |
to verify your identity | Legal obligation | We may ask for age verification (e.g., an ID) if we have reasonable doubts regarding your age |
2) Principles of processing
- A. Data minimization and purpose limitation
We will not process Personal Data in a way that is incompatible with the purposes for which it has been collected or subsequently authorized by you or collect any Personal Data that is not needed for the mentioned purposes. For any new purpose of processing we will ask your separate consent. - B. No sale of Personal Data
We will not sell or rent your Personal Data. We will not disclose your Personal Data except as otherwise described in this Privacy Policy. We may share your Personal Data with our service providers solely as described in this Privacy Policy. We will also not use information received through your use of the HealthKit and Google Fit framework for advertising or similar services, or sell it to advertising platforms, data brokers, or information resellers.
3. Your privacy rights
It does not matter what country or region you come from, we are committed to providing you vast privacy rights in relation to your Personal Data.
1) you privacy rights
- A. Correction of your Personal Data
If you believe that your Personal Data is inaccurate, you have a right to contact us and ask us to correct such Personal Data. - B. Restriction of Processing
You have a right to request that the processing of your Personal Data be restricted in some circumstances. For example, you have the right to request the restriction of your Personal Data if you contest the accuracy of your Personal Data and we need some time to verify its accuracy. - C. Access to your Personal Data (including in portable form)
You have a right to request information about what Personal Data we process about you, to access all your Personal Data, and receive a copy of it, including in a structured and portable form (.json). - D. Erasure of your Personal Data
You may ask us to erase your Personal Data if you withdraw your consent to processing, if you believe such processing is unlawful. Please be aware that erasing some Personal Data may affect your experience using certain features of the Services that rely on historic data. - E. Right to object to the processing of your Personal Data
In some cases, you can object to the processing of your Personal Data, for example, if we process it under the legitimate interest basis, by contacting us at after10month@connect-i.co.kr
2) How to exercise your privacy rights
Contact us at after10month@connect-i.co.kr to exercise your privacy rights
We will address your request within 30 days after receipt. It may take us up to 90 days in some cases, for example for full erasure of your Personal Data stored in our backup systems. We will let you know if we need more time and explain the reasons for the delay.
Please keep in mind that if we receive a vague request, we may contact you to better understand the request. We may also refuse to comply with a request that is manifestly unfounded and with excessive (repetitive) requests.
We might also require you to prove your identity in some cases. Normally, we make sure to verify that the request is coming from the same email as you provided when registering. Where you have not registered your account, we may ask you to undergo additional verification measures in an effort to ensure we are appropriately responding to requests.
Subject to applicable laws, you may have a right to lodge a complaint with your local data protection authority about any of our activities (related to your privacy rights, among others) that you think are not compliant with applicable law. If you have any concerns about our privacy practices, please let us know at after10month@connect-i.co.kr
4. Third parties processing your Personal Data
We will not share your Personal Data with third parties except as specified below.
1) Processing to make the App run
In some situations, we engage other companies to process your Personal Data on our behalf. We refer to these companies as “processors.”
Processors are companies that help us run the Services, support our communication with you or perform other App-related activities. They may process certain Personal Data on our behalf to accomplish the goals related to the App functions and associated activities. We remain responsible for any acts or omissions of our processors and undertake to execute formal data processing agreements with them to the extent required by applicable law.
Here is the list of our main processors upon which we rely
Type | processor | Processor’s privacy | Data collected | Purpose |
---|---|---|---|---|
Infrastructure and security | AWS (Amazon Web Services, Inc.) | AWS privacy policy | All Personal Data | storage of all Personal Data when you use the App |
Email communications | NHN Cloud (NHN Cloud, Inc. Republic of Korea) | NHN Cloud privacy policy | Email address | to reach you with our newsletters and notifications |
Analytical tools | Google analytics (for firebase) | Google privacy policy | App usage data |
- to understand how you use the App, engage with particular features and what you like or dislike the most - to generate statistical reports |
Processing and Analysis of Images | Google cloud (vision) | Google privacy policy | Uploaded Image Data | to enable the development of automated-decision making for providing you with predictions and app functionality |
app monitoring Platform | sentry | Sentry privacy policy | App log data | Application Performance Monitoring & Error Tracking |
2) Aggregated information
We may aggregate, anonymize or de-identify your Personal Data so that it cannot reasonably be used to identify you. Such data is no longer Personal Data. We may share such data with our partners or research institutions or use for statistical purposes, for example, we may share or use general age, demographic information and aggregate statistics about certain activities or symptoms from data collected to help identify patterns across users in articles, blog posts and scientific publications. Sharing this data contributes to the advancement of scientific research on women’s health. Our legal basis for processing your data for this purpose is legitimate interest.
3) Information posted by you
The App features several community areas where users with similar interests can share information and support one another.
Any information (including Personal Data) you share in any online community area or online discussion is by design open to the ‘40weeks later’ community. You should think carefully before posting any Personal Data in any public forum. What you post can be seen, disclosed to, or collected by third parties and may be used by others in ways we cannot control or predict, including to contact you for unauthorized purposes.
If you mistakenly post Personal Data in our community areas and would like it removed, you can send us an email after10month@connect-i.co.kr
4) Special circumstances
We may also share some of your Personal Data in the following special circumstances:
- in response to subpoenas, court orders or legal processes, to the extent permitted and as restricted by law (including to meet national security or law enforcement requirements)
- when disclosure is required to maintain the security and integrity of the Services, or to protect any user’s security or the security of other persons, consistent with applicable laws. In such cases we may also delete some of your Personal Data (e.g., by resetting your password to avoid unauthorized access)
- when disclosure is directed or consented to by the user who has input the Personal Data
- in the event that we go through a business transition, such as a merger, divestiture, acquisition, liquidation or sale of all or a portion of its assets, your information will, in most instances, be part of the assets transferred.
Depending on the circumstance, we may rely on legitimate interest or legal obligation as our legal basis for the above processing activities.
5. Retention of your Personal Data
Except as set forth below, we will retain your Personal Data as long as needed to provide you with the Services or otherwise fulfill the purposes for which it was collected.
- 1) Impact of Account Deactivation(delete your account)/Requests to Erase Personal Data
At any time, you can deactivate your account and erase your Personal Data by emailing after10month@connect-i.co.kr If you choose to deactivate your account, ‘40weeks later’ will generally delete all your Personal Data and it will not be recoverable should you later create another account. - 2) Impact of App Deletion or Inactivity
If you choose to delete the App from your device or your account becomes inactive, we will retain your Personal Data for a period of 3 years in case you decide to re-activate the Services or re-install the App. The App covers different periods of users’ lifecycle; therefore, retention of your data is needed in some cases to secure your smooth experience with other App functions (e.g., switching to pregnancy mode after cycle tracking, switching to parenting mode after childbirth). - 3) Limitations
You should be aware that, although we will anonymize or otherwise de-identify your data where possible, we may retain certain Personal Data and other information after your account has been terminated or deleted as necessary to comply with legal obligations, resolve disputes and enforce our agreements.
6. Security of your Personal Data
- 1) General security measures
We implement technical and organizational measures in an effort to protect Personal Data from loss, theft, misuse and unauthorized access, disclosure, alteration and destruction, taking into account the nature of the Personal Data that we process and risks associated with special categories of Personal Data we collect (information about health). These measures include Pseudonymization and tokenization of certain categories of your Personal Data.
Encryption of your Personal Data in transit and in rest. Systematic vulnerability scanning and penetration testing. Protection of data integrity.
Organizational and legal measures. For example, our employees have different levels of access to your Personal Data and only those in charge of data management get access to your Personal Data and only for limited purposes required for the operation of the Services. We impose strict liability on our employees for any disclosures, unauthorized accesses, alterations, destructions, misuses of your Personal Data.
Conducting periodical data protection impact assessments in order to ensure that the Services fully adhere to the principles of ‘privacy by design’, ‘privacy by default’ and others. We also commit to undertake a privacy audit in the event of ‘40weeks later’s merger or takeover.
Please understand that you can help keep your information secure by choosing and protecting your password appropriately, not sharing your password and preventing others from using your mobile device. However, no security system is perfect and, as such, we cannot guarantee the absolute security of the Services, or that your information will not be intercepted while being transmitted to us.
- 2) Security breaches
If we learn of a security systems breach, we may either post a notice, or attempt to notify you by email and will take reasonable steps to remedy the breach as specified in applicable law and this Privacy Policy. If we learn of a potential Personal Data breach, together with other actions referred to in the Privacy Policy (such as notifying you in certain cases), we will also undertake particular actions to remedy the breach as appropriate under the circumstances, which may include, logging you out from all the devices, resetting a password (sending a temporary password for you to apply) and performing other reasonably necessary activities and actions.
If you want to report a security incident related to the Services please contact us at after10month@connect-i.co.kr
7. Children’s privacy
The Services are not intended for children and we do not knowingly collect personal information about children under 13 years old through the Services. If you are aware of anyone under 13 using the Services, please contact us at after10month@connect-i.co.kr and we will take the required steps to delete such information and (or) delete the child’s account.
8. Communication with you
We may contact you from time to time via email or through other means (like popups or push notifications) to communicate with you about products, services, offers, promotions, rewards, and events offered by us and others, and provide news and information that we think will be of interest to you.
Opt-out options : You can always opt out of receiving emails by unsubscribing via the “Unsubscribe” link contained in the email. Opting-out of these emails or notifications will not end the transmission of important service-related emails that are necessary to your use of the Services. You may also opt out of receiving popups or push notifications by adjusting your settings in your device. If applicable laws prescribe so, we may ask some users to provide their additional consent for such communications.
9. Storage and international Personal Data transfers
‘40weeks later’ is based in the Republic of Korea (“Korea”). Personal Data we collect is transferred to and processed in the U.S. (where it is governed by U.S. law) and to other countries (where it is governed by the laws of those countries). The laws of the U.S. and the laws of other countries may not offer the same protections as the laws of your jurisdiction.
10. Data Protection Officer (DPO)
To communicate with our Data Protection Officer, please email at after10month@connect-i.co.kr or use the contact details below.
11. Contact us
General
If you have any questions or concerns about your privacy you may contact us at:
Connect i Co.,Ltd, 6F, 108, Toegye-ro, Jung-gu, Seoul, Republic of Korea
Email : after10month@connect-i.co.kr