Komak

NABO (Organization) - Privacy Policy for Komak

1. Introduction

Through the Komak platform (namely, the Komak mobile application and website), we, Nabo, help communities across the globe to combat the challenges raised by the COVID-19 epidemic by providing members of the public who need help with day-to-day activities with real-time access to local volunteers who are able to lend a hand. To do this, we need information about our Users. This Global Privacy Policy (the “Privacy Policy”) describes what information we will collect, how we will gather, use and maintain information about our Users, when we may use information about Users to contact them or disclose relevant information about Users to third parties and will help Users understand what choices they have about their information when they use our Platform.

Protecting our Users’ information is really important to us and we will only use our Users’ information in line with the relevant laws concerning the protection of Personal Data, which when processing Personal Data in the European Economic Area (“EEA”) shall include the General Data Protection Regulation (EU) 2016/679 (the “GDPR”), the Privacy & Electronic Communications (“EC Directive”) Regulations 2003 and, in Denmark, the Danish Data Protection Act 2018, each as amended or replaced from time to time (together, the “EEA DP Legislation”). 

Please note that our Platform may contain hyperlinks to websites owned and operated by third parties. These third party websites have their own privacy policies, including policies on their use of cookies. If you follow a hyperlink to a third party website, please review the relevant privacy policy before submitting any Personal Data to that third party website. The third party’s policies will govern the use of Personal Data you submit or which is collected by cookies whilst visiting these websites. We do not accept any responsibility or liability for the privacy practices of third party websites and your use of such websites is at your own risk.

2. General Terms

In this Privacy Policy:

  • Nabo may be referred to as “Nabo”, “we”, “our” or “us”.
  • The Komak mobile application (whether on iOS or Android) is referred to as the “App”.
  • Our website (https://komak.io/) is referred to as the “Site”.
  • Users of our Platform are referred to as “Users”, “you” or “your”. 
  • Users of the App who, through the App’s functionality, volunteer to help other Users with their day-to-day activities are referred to as “Volunteers”.
  • Users of the App who, through the App’s functionality, request assistance from Volunteers with their day-to-day activities are referred to as “Persons-in-Need” or “PINs”.
  • Our Site and App, and related services, information and communications are collectively referred to as our “Platform”.
  • Our Terms of Service are referred to as the “Terms of Service” and can be found here. This Privacy Policy is incorporated into, and constitutes a part of, our Terms of Service.

3. Who decides how your information is used?

Nabo, located in Copenhagen, Denmark, is the data controller responsible for making decisions about how we use your Personal Data, whether you are located in the EEA or elsewhere. If you have any questions or comments on this Privacy Policy or our use of your information, you can contact us at the details set out in Section 13 of this Privacy Policy.

4. What information do we collect and how do we use it?

This Privacy Policy covers our use of any information that can or could be used to identify you (“Personal Data”). It does not cover information which cannot be used to identify you. For Volunteers, certain of your Personal Data which we collect and use will be data relating to your physical health, or which could be used to deduce information about your physical health (“Health Data”). Further information on how we use Health Data is described in Section 10 of this Privacy Policy below. 

Examples of the types of Personal Data that we collect are set out below. We receive this data automatically when Users download, sign-up to and use the App, and may receive some of this data when you engage with us via social media channels, subscribe to online content we produce (such as newsletters) or when you telephone, email or write to Nabo.

The Personal Data that we collect includes the following, which may, if relevant to providing services of Nabo, be combined with information we receive from other sources:

  • Contact Information: This may include your first and last name, residential address, telephone number and email address. You voluntarily provide us with this information when you sign up to use our Platform. We collect and use that information in order to authenticate you when you register to use our Platform and to make sure you are able to access our Platform. We may also use your address, telephone number or email address in order to communicate with you to provide technical and customer support.
  • Identity Information: If you are a Volunteer, this may include your date of birth or your social security information (or equivalent, depending on your jurisdiction), to the extent permitted by law in your jurisdiction. We may use this data to validate your identity, in the interests of protecting the safety and security of our PINs.

 

  • Content Information: You may also choose to send us Personal Data in an email containing enquiries about our Platform and we will use this information to help us respond to your enquiry. 

 

  • Location Information: As the services we provide through the Platform are location based, when you use the Platform, we collect and use your device location information, whether you are a Volunteer or a PIN to, to identify other relevant Users (e.g. PINs, if you are a Volunteer) who you may be able to assist (in the case of a Volunteer) or who may be able to assist you (in the case of a PIN). We identify your location using a variety of technologies, including GPS, the WiFi points you are accessing the App through and mobile/cell tower triangulation. 

 

  • Performance Information: We also collect and use information relating to your in-App actions (e.g. how often you respond to PIN requests, if you are a Volunteer, or how often you make a request, if you are a PIN) to allow us to assess the effectiveness of the App and its utilisation across different regions (regionally, nationally and internationally). This helps us to continue to develop the App, identify and address any technical issues that may arise with the App and to assess the proportion of PIN help-requests to the number of Volunteers available across different geographic areas, so that we can consider how the App might be better utilised for the benefit of communities across the globe.

 

  • Technological Information: In relation to our Site, we will collect and use your IP address, browser type, operating system, the pages of our Site which you browsed or the features you used, and the time you spend on those pages or features to better understand who is using our Site and how. Similarly, we will collect and use information on your in-App user settings and preferences to understand the same matters in relation to the App. We may also use your in-App information, as well as certain information about your mobile device (including device identifiers, device OS, model, configuration, settings and information about third party applications installed on your device), to monitor performance of the App and address any technical issues identified by us or by other Users, as well as to carry out anti-fraud measures in accordance with our Terms of Service and for the benefit of Users (e.g. to prevent PINs from being misled by fabricated offers of assistance). 

 

  • Health Data: In relation to Volunteers, we will collect Health Data in order to facilitate the services that we provide through the App and for the protection of other Users. Provision of sensitive Personal Data, including Health Data, is entirely at your discretion but Volunteers should be aware that refusing to provide the Health Data requested when accessing the App may prevent you from using the App as a Volunteer. Further information about our collection and use of Health Data is set out in Section 10 of this Privacy Policy. 

If you elect to turn on background activity tracking in the App, we will collect your Personal Data as you use the App as well as in the background when you do not have the App open on your device. This information will solely be used for the purposes set out in “Location Information” and “Technological Information” above. You can change your mind and turn-off background activity tracking at any time in your device settings.

By submitting Personal Data to us, you consent to such Personal Data being collected and processed for the purposes described above. Where you voluntarily provide Health Data or other sensitive Personal Data, for example via email or other communications with us, we may need to ask you to confirm that you expressly consent to us collecting and processing the relevant data. In some instances, it is necessary for us to collect your Personal Data in order to enter into or perform our part of a contract with you, or provide you with access to the Platform and certain services. Failure to provide such Personal Data may prevent us from providing you with the goods, services, information, activities or online content you select, or tailoring such content to your personal preferences. 

5. Who do we share your information with?

We will not share any Personal Data that we have collected from or regarding you except for the purposes for which it was obtained and as set out in this Privacy Policy. We may share your Personal Data as described below:

  • Information Shared with Our Service Providers: We engage an external service provider who provides us with use of servers to allow us to administer and provide the Platform. As part of that, they will process your Personal Data on our behalf, but only in accordance with our instructions. Our external service provider has access to your Personal Data only for the purpose of providing us with servers to administer and provide the Platform on our behalf, in compliance with this Privacy Policy, and they are not permitted to disclose or use your Personal Data for any other purpose. 

 

If other technical or administrative issues arise in connection with the Platform, we may be required to engage other service providers, associated organisations, contractors and agents to help us address these in an efficient and non-disruptive way. Those service providers may be required to process your Personal Data but we will ensure that this is limited to the greatest degree practicable (e.g. through anonymization of data) and will agree contractual arrangements with such service providers to ensure that they process such information solely to the extent needed to provide the services which we have engaged them for and only in accordance with our instructions.

 

  • Information Shared with Other Users: When you use the Platform, we will share certain Personal Data with other Users so that we can help you identify Users who can assist you (if you are a PIN) or who you can assist (if you are a Volunteer). This Personal Data includes your name and your telephone number or email address (i.e. the information needed for the relevant User to contact you). As set out in our Terms of Service, Users are only permitted to use Personal Data relating to other Users for the purposes of contacting, in the case of Volunteers, PINs who have requested assistance and, in the case of PINs, contacting Volunteers who may be able to assist them. Upon downloading the App or accessing Our Platform, all Users agree to comply with these requirements.

 

  • Information Disclosed for Our Protection and the Protection of Others: We cooperate with government and law enforcement officials or private parties to enforce and comply with the law. We only share information about you with government or law enforcement agencies or private parties where we reasonably believe necessary or appropriate: (a) to respond to claims and as part of legal processes (including where disclosure is required under subpoenas and warrants); (b) to protect our property, rights and safety, or the property, rights and safety of a third party or the public in general; or (c) to investigate and stop any activity that we consider illegal, unethical or legally actionable.

For the avoidance of doubt, as a not-for-profit organisation, we will never use or share your Personal Data with any third party for its own marketing purposes. You have the right at any time to request that we cease giving your Personal Data to third parties identified above or for contacting you for our own marketing purposes. 

In addition to the third parties noted above, we may disclose your Personal Data to third parties:

  • in the event that we buy or sell any business or assets, in which case we may disclose your personal information to the prospective buyer or seller;
  • if Nabo or substantially all of its assets are acquired by a third party, in which case Personal Data held about Users and Volunteers will be one of the transferred assets; and
  • in order to enforce or apply our terms and conditions or to protect the rights, property or safety of Nabo, or our members, Users or Volunteers.

6. How is your Personal Data transferred?

The Platform is available globally and, if you are not located in the EEA, the applicable data protection laws in your jurisdiction may not be the same as those in which we process your Personal Data (i.e. Denmark, a country within the EEA). As the performance of the services for which the Platform was created requires the sharing of some of your Personal Data with other Users within your local area, this means that there may be two potentially applicable sets of data protection rules in relation to your Personal Data:

  • the EEA DP Legislation; and

 

  • the data protection rules that apply in the jurisdiction in which you are located (if different from those applicable in Denmark).

Personal Data relating to Users resident within the EEA is not transferred or processed outside of the EEA. Personal Data relating to Users resident outside the EEA will be processed within the EEA by us and our service providers in accordance with this Privacy Policy.

7. How do we keep your Personal Data safe?

We have appropriate security measures in place to prevent your Personal Data from being accidentally lost, used or accessed in an unauthorized way, improperly altered or disclosed. We also limit access to your Personal Data to employees, agents, contractors and other third parties who have a need to know in connection with our provision of the Platform or where otherwise explained in this Privacy Policy (see Section 6 above). Those persons who access your Personal Data in connection with the provision of the Platform will only process your Personal Data on our instructions and they are subject to a duty of confidentiality. We have put in place procedures to deal with any suspected Personal Data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

8. How long will we keep your Personal Data?

We keep your Personal Data for so long as may be necessary for us to fulfil our contractual obligations in respect of the services and products requested by you, to fulfil the purposes for which Personal Data was collected (as set out in this Privacy Policy) or as required by applicable law. This also applies to any contractor or service provider that we share your Personal Data with and who carry out services on our behalf. 

When we no longer need to use your Personal Data and there is no need for us to keep it to comply with our legal or regulatory obligations, we will either remove it from our systems or annonymize it so that it can no longer be associated with you. When removing Personal Data, we will take reasonable and technically feasible measures to make this information irrecoverable and irreproducible.

9.  What rights and choices do you have?

You have certain rights in relation to your Personal Data. In order to exercise these rights, please contact us at contact@komak.io. 

You can:

  • Request access to and obtain a copy of the Personal Data we hold about you.

 

  • Request that we rectify or correct the Personal Data we hold about you that is inaccurate, out of date or incomplete. The easiest way to update your account information is via your in app-settings.

 

  • Request that we delete or remove your Personal Data, where there is no good reason for us to continue processing it or where you have exercised your right to object to processing (see below), where we have processed your Personal Data unlawfully, or where we are required to erase your Personal Data in order to comply with applicable law. Please note that we may not always be able to comply with your request to delete or remove Personal Data for specific legal reasons, which will be notified to you if applicable.

 

  • Object to us processing your Personal Data. Some of the Personal Data we hold is necessary for us to provide you with access to the App and for you to be able to use the services it provides including, in the case of Volunteers, your Health Data.

 

  • Ask us to restrict or suspend processing your Personal Data, but be aware that sometimes we need to use your Personal Data in order for you to be able to use the Platform.

 

  • Have your Personal Data transferred to another organisation (where this is technically feasible). This right is only available if we are processing automated information (initially) based on your consent, or under (or in contemplation of entering into) a contract with you.

 

  • Where we rely on consent as the lawful basis for processing, you may withdraw your consent. 

 

  • Complain to a regulator. We’d appreciate the chance to deal with your concerns directly in the first instance so we’d prefer you to contact us first. However, if you’re based in the EEA and believe that we have not complied with data protection laws, you can complain to our regulator, the Danish Data Protection Agency (Datatilsynet), or with your local supervisory authority.

The applicable law may provide exceptions to these rights in certain circumstances. Where you cannot exercise one of these rights due to such an exception we will explain to you why. 

We offer you choices regarding the collection, use and sharing of your Personal Data and we will respect the choices you make. Please note that if you decide not to provide us with the Personal Data that we request, you may not be able to access the Platform or use the features it provides.

After you contact us, you may receive an email in order to verify your request. We aim to provide the information or complete the outcome you request within one month. If your request is particularly complex or you have made a number of requests, it may take us longer than a month.  If this is the case, we will notify you and keep you updated. 

10. What about my Health Data?

In this Section of the Privacy Policy, “you” and “your” refer to Volunteers only. We do not collect or process information relating to the health of PINs. Users who designate themselves as PINs while using the App are not required to give any information regarding their past or current medical history or physical health, or any information from which their medical history or health could be deduced. The Health Data we collect and process in relation to Volunteers is solely limited to the information contained in the confirmation Volunteers are required to make before using the App, as described below.

To ensure that Volunteers do not contribute to the spread of COVID-19, Volunteers are required to confirm certain information regarding their physical health when utilising the App. This Health Data falls within a special category of Personal Data for the purposes of data protection rules applicable within the EEA.

Each Volunteer is required to expressly and proactively confirm their consent to our collection and processing of their Health Data before such data is provided to us and they are permitted to use the App. 

We only use your Health Data to determine whether you are permitted to be a Volunteer and will not use this data for any other purpose without your express prior consent.

Your Health Data will be collected and processed in accordance with the rules and processes described in this Privacy Policy above. While we do not consider that our processing of your Health Data is like to result in a “high risk to the rights and freedoms of natural persons” for the purposes of applicable DP Legislation, we have undertaken a “Data Protection Impact Assessment” in relation to our processing of this data to assess whether it is necessary and proportionate for us to process this data and how we can process this data in a way that minimises any risks to your personal rights and freedoms. Our decision to process this data, and to do so in accordance with this Privacy Policy, has been taken in light of that assessment.

11. What about Children?

In accordance with Terms of Use, Children are not permitted to use our Platform and we do not intend to collect Personal Data from them. We define children as anyone under 16 years old, or the age needed to consent to the processing of Personal Data in your country of residence.

12. Changes

Any Personal Data that we collect is covered by this Privacy Policy as in effect at the time such information is collected. We may make changes to this Privacy Policy from time to time. Changes will be posted to our Site, so please check frequently for any updates. Whenever practically possible, and where you have provided us with your contact information, you will be given reasonable notice of any material change to this Privacy Policy. If you do not agree to any changes to our Privacy Policy then do not continue using our Platform.

It is important that the Personal Data we collect and store about you is accurate. Please keep us informed if your Personal Data changes. 

13.  Contact

If you have any questions or comments concerning our use of your Personal Data or this Privacy Policy please contact us at contact@komak.io or write to us at:

Legal entity: Nabo, CVR 41250399

Postal address: Christianshavns Voldgade 13, st tv, 1424, Copenhagen K

Contact Name: Dragos Petria, dragos.petria1@gmail.com

For further information or if you disagree with the way in which we are handling your personal information, you can contact the Danish Data Protection Agency (email: dt@datatilsynet.dk). 

This Privacy Policy was last updated on [●] March 2020.