Last update on: 20 April 2022
This is where you can find out how Onoco Limited (“Onoco”, “we”, “us”, “our”) collects, stores, protects and shares data about you (“Policy”). It’s best read alongside our Terms and Conditions, which you can find here.
When you’re using our Onoco mobile application ("App"), there is some information we collect about you, and you can share your information on the App with other users ("Users"). The Policy is intended to meet our duties of transparency under the “General Data Protection Regulation” or “GDPR”.
1. Collection of information
When you register in our App, we ask you for and collect your:
Password for your Account.
Information that we will ask for about your child are:
Your child’s name.
Your child’s birthdate.
Optionally, we also ask to provide additional information which will be available in your profile (i.e. profile photo, telephone number, preferred way of contact).
Upon registration each user creates his profile that will be available in Onoco to view by other family members.
Additionally, you can provide more information about your child that will help other caregivers to better understand your child’s needs (i.e. gender, favourite food, encouraged activities, technology allowance).
Any and all information about you or your child will only be used in the context of providing services through the App and will be held in the strictest confidence.
Emergency Protocol Data
Family’s safety is our top priority. Therefore, each family can create their own Emergency Protocol for all caregivers to know what to do in emergency situations. This section of the app is optional, but it consists of the following sections: emergency contacts, first aid location, fever management, allergies, help lines, the nearest hospital.
Log and Usage Data
Our servers automatically record information ("Log and Usage Data") created by your use of Onoco, which again helps us to improve our service. Log and Usage Data may include information such as your IP address, browser type, the referring domain, pages visited, access times, your mobile carrier, unique device identifier, device model, operating system, MAC address and search terms.
Marketing and Communications Data
We also collect information on your preferences in receiving marketing from us during the registration process (“Marketing and Communications Data”).
In addition to information about yourself, it may be possible for you to submit other content ("Content"), such as photos and other media, each of which you present through technology available through the App, including but not limited to Timeline with activities, Plan with Family Routine and Learning Journey with Milestones. It is entirely up to you whether you want to submit this additional information, and whether you would like to make it available to others.
We also collect, use and share “Aggregated Data” such as statistical or demographic data for any purpose. Aggregated Data may be derived from your personal data, but once in aggregated form it will not constitute considered personal data for the purposes of the GDPR as this data does not directly or indirectly reveal your identity. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this Policy.
Information Collected When You Purchase a Subscription
If you choose to subscribe to the Onoco app, you will be required to provide your payment card information, which can include your name, card number, expiration date, security code, and billing address. If you subscribe from within our mobile app, your payment card information will be collected and stored by the third-party app store you use.
2. Uses made of the information
We will only use your personal data for the purposes for which we collected it as listed below, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose.
If we need to use your personal data for an unrelated purpose, we will update this Policy and we will explain the legal basis which allows us to do so.
What is our “legal basis” for processing your Personal Data?
In respect of each of the purposes for which we use your personal data, the GDPR requires us to ensure that we have a “legal basis” for that use. Most commonly, we will rely on one of the following legal bases:
Where we need to perform a contract we are about to enter into or have entered into with you (“Contractual Necessity”).
Where it is necessary for our legitimate interests and your interests and fundamental rights do not override those interests (“Legitimate Interests”). More detail about the specific legitimate interests pursued in respect of each purpose we use your personal data for is set out in the table below.
Where we need to comply with a legal or regulatory obligation (“Compliance with Law”).
Where we have your specific consent to carry out the processing for the purpose in question (“Consent”).
Generally, we do not rely on your Consent as a legal basis for using your personal data other than in the context of direct marketing communications.
We have set out below, in a table format, the legal bases we rely on in respect of the relevant Purposes for which we use your Personal Data.
4. Disclosure of your information
We will not disclose your information, except in the limited circumstances described here:
Service Providers — We engage certain trusted third parties to perform IT and system administration functions and services. We may share your Registration Information and Log and Usage Data with these third parties, but only for the purposes of performing these functions and providing such services. These Service Providers are located within the European Economic Area and/or the United States.
Regulators and Public Authorities — We will cooperate with law enforcement enquiries received from within or outside your country of residence. This may include preserving or disclosing any of your personal data, including your Registration Information, if it is necessary to comply with a law or regulation, or to comply with a judicial proceeding, court order, or legal request, to protect the safety of any person, or to address fraud or security issues. Such Regulators or Public Authorities may be located both within or outside the European Economic Area.
Business Transfers — In the event that Onoco or any of our affiliates are involved in a bankruptcy, merger, acquisition, reorganisation or sale of assets, your information may be transferred as part of that transaction.
We do not claim ownership of Content Data you submit or make available using the Service. However, by submitting, posting or transmitting Content Data and personally identifiable information on areas of the Service that are accessible by other users or the public, you grant us and those members of the public who have access to that Content Data a worldwide, royalty-free, non-exclusive license to use, distribute, reproduce, modify, adapt, publish, translate, publicly perform and publicly display that Content Data on the Service, and to publish your name and other personally identifiable information in connection with that Content Data.
By submitting, posting or transmitting Content Data on areas of the Service that are accessible to other users or the public, you represent and warrant that you are the owner of that Content Data or have authorization to distribute it and that the use and publication of the Content Data does not violate any law. You understand that in order to provide the Service and make your User Content available on it, We may transmit your Content Data across various public networks, in various media, and may reproduce, modify or change your Content Data to store and retrieve the Content Data, to make it available to you and other members of the public, to comply with technical requirements, and otherwise in connection with operation of the Service.
We may use personal data to deliver products, or service update notices, and promotional offers based on your communication preferences. With your consent (upon registration), we may send you marketing e-mails about upcoming promotions, and other news, including information about products and services that may be of interest to you. You may opt-out of receiving such information at any time: such marketing emails tell you how to “opt-out.” Please note, even if you opt out of receiving marketing emails, we may still send you non-marketing emails. Non-marketing emails include emails about your account with us (if you have one) and our business dealings with you. We may combine your information (after it has been anonymized) with information we collect from other companies and use it to improve and personalize the Services, content and advertising. We may also do so in order to improve our prediction methodologies and algorithms.
6. What others see about you
Onoco is designed to make it easier for you to exchange information within the family and external caregivers. All Users of the App who received an invitation from a family’s administrator will be able to see your Profile Data.
Such other Users may therefore share your profile information with individuals who may or may not be Users. So, please be careful about what permissions you grant through the App and what you post, particularly when it relates to your children. We want to keep you safe, but we need you to help us.
7. Our Policy Towards Age
Our App is for grown ups. You have to be at least 18 years old to use the App. We don’t market to anyone under the age of 18 either. If we discover you’re under 18, we will delete your account, sorry but we’re looking forward to welcoming you soon!
8. Removing Onoco access
Even after you remove information from your profile or delete your Account, copies of that information may still be viewable and/or accessed to the extent such information has been previously shared with other members of your family or nannies. We cannot control this, nor do we accept any liability for this.
9. Your Rights Relating to Your Personal Data
By law you have the right to:
Request access to your personal data. This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have exercised your right to object to processing (see below).
Object to processing of your personal data. This right exists where we are relying on a Legitimate Interest as the legal basis for our processing and there is something about your particular situation, which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal data for direct marketing purposes.
Request the restriction of processing of your personal data. This enables you to ask us to suspend the processing of personal data about you, for example if you want us to establish its accuracy or the reason for processing it.
Request the transfer of your personal data. We will provide to you, or a third party you have chosen, personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
Withdraw consent. This right only exists where we are relying on consent to process your personal data (“Consent Withdrawal”). If you withdraw your consent, we may not be able to provide you with access to the certain specific functionalities of our App. We will advise you if this is the case at the time you withdraw your consent.
How to exercise your rights
If you want to exercise any of the rights described above, please contact us at firstname.lastname@example.org.
Typically, you will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, except in relation to Consent Withdrawal, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive, or, we may refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
If you would like to make a complaint regarding this Policy or our practices in relation to your personal data, please contact us at email@example.com.
We will reply to your complaint as soon as we can.
If you feel that your complaint has not been adequately resolved, please note that the GDPR gives you the right to contact your local data protection supervisory authority, which for the UK, is the Information Commissioner’s Office.
We may revise this Policy from time to time. If we make a change to this Policy that, in our sole discretion, is material, we will notify you, for example, via an email. The revised Policy will apply from the date on which we post it on this page.
We collect information by placing cookies on your device. A cookie is a piece of text stored on your computer or mobile by your web browser. We may use both session cookies (which expire once you close your web browser) and persistent cookies (which stay on your computer or mobile device until you delete them) to provide you with a more personal and interactive experience on our App.
We use two broad categories of cookies:
first party cookies, served directly by us to your computer or mobile device; and
third party cookies, which are served by our partners or service providers on our App.
Analytics and research
We use Google Analytics to collect information about how visitors use the Onoco site and App. We use the information to compile reports and to help us improve the site and the App. The cookies collect information in an anonymous form, including the number of visitors to the site/App, where visitors have come to the site/App from and the pages they visited.
We use Google Analytics for this purpose. Google Analytics uses its own cookies. It is only used to improve how our App works. You can find out more information about Google Analytics cookies here You can find out more about how Google protects your data here.
These cookies help us to identify visitors so that when you’re logged in, you can enjoy Onoco’s offerings and localise your experience.
Security and App integrity
We may use persistent cookies, which will help us to ensure we have identified the same device is logging into the correct account. These types of cookies also help with our anti-spam measures and may help us to prevent phishers, scammers and other unauthorised activity.
Site features and services
These cookies and local storage devices provide functionalities such as links to other social media sites and social plugins. In some cases, the App feature you choose may allow a third party to place cookies or local storage devices on your computer. The third party who places cookies on your device is responsible for how they process their data and Onoco recommends that you read their privacy policies.
We need to use certain cookies and local storage devices to ensure our visitors have the best possible experience. These may, for example, assist with your navigation of our App, ensure pages load up quickly and respond faster to your requests for the App’s services. Without these cookies, the services that you have asked for cannot be provided, and we only use these cookies to provide you with those services.
You can typically remove or reject cookies via your browser settings. In order to do this, follow the instructions provided by your browser (usually located within the “settings”, “help” “tools” or “edit” facility). Many browsers are set to accept cookies until you change your settings.
If you do not accept our cookies, you may experience some inconvenience in your use of our App. For example, we may not be able to recognise your computer or mobile device and you may need to log in every time you visit our App.
Further information about cookies, including how to see what cookies have been set on your computer or mobile device and how to manage and delete them, visit www.allaboutcookies.org and www.youronlinechoices.com.uk
12. How long we store your personal data
We will only retain your Personal Data for so long as we reasonably need to use it for the purposes set out in "2. Uses made of the information", unless a longer retention period is required by law (for example for regulatory purposes).
We retain you data for as long as it is necessary to fulfil the Purposes/Use for which it is used (see "2. Uses made of the information") and in any event, no longer than 90 days following deletion of your Account as a back-up copy to enable restoration.
In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for analysis, research or statistical purposes in which case we may use this information indefinitely without further notice to you.
Onoco Limited is the controller (for the purposes of the GDPR) of your personal data, and is registered in the United Kingdom under company number 12397107. Our registered address is 85 Great Portland Street, London, W1W 7LT.
It’s good to talk, email us at firstname.lastname@example.org