Welcome to the Tavo iOS mobile application (our “APP”). This Privacy Policy applies to you and Tavo Sleep, irrespective of your country of residence or location.
This Policy describes our privacy practices in plain language, keeping legal and technical jargon to a minimum to make sure you understand the information we collect, why we collect it, how it is used and your choices regarding your information.
This Privacy Policy sits in line with the General Data Protection Regulation (GDPR).
General Information
What is personal data?
Personal Data is information by which you can be directly or indirectly identified (hereinafter “data”). This generally includes information such as your name, address, email address and telephone number; however, it may also include other information such as your IP address, Online identifiers or preferences and interests.
What is processing?
"Processing" means any operation or set of operations which is performed upon personal data, whether or not by automatic means. The term is broad and covers virtually any handling of data.
The Data Controller
The person that is responsible for your information under this Privacy Policy (the “data controller”) is:
TAVO Sleep, LLC
965 W. Chicago Ave.
Chicago, IL 60654
If you have any questions about the processing of your personal data by us or about data protection in general, you can reach us at team@tavosleep.com.
Relevant legal basis
In the following, we inform you about the legal basis on which we process personal data. If more specific legal bases apply in individual cases, we will inform you of these separately.
- Consent - The data subject has given his/her consent to the processing of personal data relating to him/her for a specific purpose or purposes.
- Performance of a contract and pre-contractual enquiries - Processing is necessary for the performance of a contract to which the data subject is a party or for the performance of pre-contractual measures carried out at the data subject's request.
- Legitimate interests - Processing is necessary for the purposes of the legitimate interests of the controller or a third party unless such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require the protection of personal data.
Your rights
When we process your personal data, you have following rights:
- Right to information: what personal data a company is processing and why (this policy).
- Right of access: You can request information about data collected.
- Right to rectification: If data collected is not correct, you can ask for it to be corrected.
- Right to erasure: Under certain circumstances, you can request the erasure of your data.
- Right to restriction of processing: In certain circumstances, you can request the further processing of your data, but the data will remain stored.
- Right to data portability: You can have the data collected about you transferred to another provider in a machine-readable format.
- Right to object: In certain circumstances (including where your data is processed on the basis of legitimate interests or for marketing purposes) you may object to processing.
- Rights in relation to automated case-by-case decisions, including profiling: This includes several rights where data is processed solely by automated means, and this has a legal or significant impact on an individual. In these circumstances, you have, among other things, the right to human intervention in the decision-making process.
- Right to Complaint: You have a right to complaint to your local Data Protection Authority. We would however appreciate the chance to deal with your concern first.
If you wish to exercise any of the rights listed above, you can contact us by email at team@tavosleep.com. For your protection and the protection of all our users, we may need to request certain information from you to help us confirm your identity before we can respond to the above requests.
Security measures
We take appropriate technical and organizational measures in accordance with the GDPR, taking into account the state of the art, the costs of implementation and the nature, scope, circumstances and purposes of the processing, as well as the different probabilities of occurrence and the level of threat to the rights and freedoms of natural persons, in order to ensure a level of protection appropriate to the risk.
The measures include, in particular, ensuring the confidentiality, integrity and availability of data by controlling physical and electronic access to the data as well as access to, input of, disclosure of, assurance of availability of and segregation of the data. We also have procedures in place to ensure the exercise of data subjects' rights, the deletion of data and responses to data compromise. Furthermore, we already take the protection of personal data into account in the development or selection of hardware, software and procedures in accordance with the principle of data protection, through technology design and through data protection-friendly default settings.
However, you must understand that no Internet transmission is completely secure. Therefore, we can never guarantee that unauthorized access, hacking, data loss and other incidents can be completely excluded.
Transmission
Transmission of your data is done exclusively via SSL-encrypted connections and only transferred to third countries if this is necessary/legally required for the purpose of providing our Services and the APP or if you have given us your consent.
Transfer
We may transfer your information if:
- we are involved in whole or in part in a merger, sale, acquisition, divestiture, restructuring, reorganization, dissolution, bankruptcy or other change of ownership or control.
- reasonably necessary: (i) to comply with a legal process, such as a court order, subpoena or search warrant, government/legal investigation, or other legal requirement; (ii) to assist in the prevention or detection of crime (in each case, subject to applicable law); or (iii) to protect the safety of any person.
- disclosure would reduce our liability in actual or threatened litigation; (ii) if necessary to protect our legal rights and the legal rights of our users, business partners or other interested parties; (iii) to enforce our agreements with you; and (iv) to investigate, prevent, or take other action regarding illegal activities, suspected fraud or other misconduct.
We may ask for your consent to share your information with third parties. In any such case, we will make clear why we want to share the information.
Retention
Data is typically Stored on your device. In instances where you submit data to us, we will retain your data on our server until the purpose for processing it no longer applies. If you assert a legitimate request for deletion or revoke your consent to data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g., retention periods under tax or commercial law); in the latter case, the data will be deleted once these reasons no longer apply.
Do you have to provide data?
The provision of both personal data and special category data is neither legally nor contractually required, nor is it necessary for the conclusion of a contract. You are also not obliged to provide the personal data. However, failure to provide the data could result in you not being able to use our APP or not being able to use it to its full extent. The legal basis for this data processing is consent.
You may withdraw your consent and request us to stop using and/or disclosing your personal and special category data by submitting your request to us in writing to team@tavosleep.com.
About our APP
In principle, our APP is designed to have data protection-friendly default settings. This includes, for example, that only such personal data is collected that is required for the function of the APP (principle of data minimization). As such we have made sure that as little as possible information that directly identifies you is collected.
We assure you of the lawful and responsible handling of all data that you transmit to us as a user of our APP and would like to transparently present to you below which data we process, what we use it for and whether and, if so, to what extent it is stored by us and/or transmitted to third parties.
What sources and data do we use
We process personal data only to the extent authorized by you personally. In doing so, we only collect and process the data that is absolutely necessary to maintain and use the APP. Personal data may be collected in two ways, that is directly when you for example volunteer it to us or automatically for example when you install and use our APP.
Do Not Sell
We do not sell personal data to third parties.
Push messages
When you use the app, you will receive so-called push messages from us, even if you are not currently using the App. These are messages that we send you as part of the performance of the contract. You can adjust or stop receiving push messages at any time via the device settings of your device.
Authorizations and Access
We may request permission to access your device`s Bluetooth, internet, and network access, push notifications. The legal basis for data processing is our legitimate interest and your consent. You can deny access on your device via the Settings/Notifications/ options of your device; however, this means that our APP may not function as intended.
Data collection, storage and use of personal data
When you contact us
If you send us feedback, or a support request, your e-mail address will only be used for correspondence with you and only to clarify your support case. Your data will not be passed on to third parties. The data of your request will be deleted after completion. In the course of the support you have requested, it may be necessary for you to provide us with some of your personal data so that we can fulfill our contractual obligations. The data transmitted in this context will be deleted after the end of the support. The legal basis for this processing is consent and our legitimate interest and, in some cases, fulfillment of our contractual obligations.
When using our APP
When using the APP, it is necessary to create and set up an account using your email address and password.
We may also collect non personal data including movement data using the accelerometer while sleeping, or your wake-up rating to quantify your sleepiness using the Stanford sleep score, and other stats through device such as when they set their alarm.
The purposes of processing are contractual performance and service, contact requests and communication, office and organizational procedures, administration, and response to requests, visit action evaluation. The legal basis for the data processing is the fulfillment of our contractual obligations and, in individual cases, the fulfillment of our legal obligations as well as your Consent.
You may withdraw your consent and request us to stop using and/or disclosing your personal and special category data by submitting your request to us in writing to team@tavosleep.com.
Data collection, storage and use of technical personal data
Some countries including Turkey and the European Union, have a broad definition of personal data and as indicated above it encompasses online identifiers, IP address, device IDs as such we are required to cover the following.
Apple
The App can be downloaded from the "Apple App Store" and you might be required to register with Apple and/or to download certain App store software. When downloading and installing our APP, Apple collects and processes the following data: device identifiers, IP addresses, and location information and it cannot be ruled out that Apple also transmits the information collected to a server in a third country.
Apple may also collects information from and about the device(s) you use to access our APP, including hardware and software information such as IP address, device ID and type, device-specific and app settings and properties, APP crashes, advertising IDs information about your wireless and mobile network connection such as your service provider and signal strength; information about device sensors such as accelerometer, gyroscope, and compass when you are using our APP. We cannot influence which personal data Apple processes with your registration and the provision of downloads in the respective App store and App store software. The responsible party in this respect is Apple.
Firebase
We use the Google Firebase developer platform and related features and services provided by Google LLC and Google Ireland Limited. Google Firebase is a platform for developers of apps for mobile devices. The Google Firebase developer platform offers a variety of features. A list of these features can be found at: https://firebase.google.com/terms/. Firebase's key security and privacy information can be found here: https://firebase.google.com/support/privacy
Miscellaneous and Closing
Uninstall
You can stop the collection of information by the APP by uninstalling it using the standard uninstall procedure for your device.
Updating your information
If you believe that the information, we hold about you is inaccurate or that we are no longer entitled to use it and want to request its rectification, deletion, or object to its processing, please do so in your account or contact us. For your protection and the protection of all of our users, we may ask you to provide proof of identity before we can answer the above requests.
Exercising your rights
If you wish to access your personal data or exercise any of the rights listed above, you should apply in writing, providing evidence of your identity. Any communication from us in relation to your rights as detailed above will be provided free of charge. However, in case of requests that are manifestly unfounded or excessive, in particular because of their repetitive character, we may charge a reasonable fee taking into account the administrative costs of providing the information or communication or taking the action requested; or refuse to act on the request.
Insofar as you have given us consent to process personal data for specific purposes, the lawfulness of this processing is given on the basis of your consent. Consent given can be revoked at any time.
Automated individual decision-making including profiling
We do not make automated decisions in individual cases, including profiling.
Accuracy
It is important that the data we hold about you is accurate and current, therefore please keep us informed of any changes to your personal data.
Changes, Queries and Complaints
This policy and our commitment to protecting the privacy of your personal data can result in changes to this policy. Please regularly review this policy to keep up to date. This Policy was last updated on Wednesday, February 1, 2023.
Any comments or queries on this policy should be directed to us. If you believe that we have not complied with this policy or acted otherwise than in accordance with data protection law, then you should notify us.