Triggerise Privacy Policy

Amharic

Protecting your data, privacy and personal data (as defined under Article 4(1) of the General Data Protection Regulation (EU) 2016/679 (“GDPR”)) is very important to Triggerise Stitching and its affiliates – Triggerise Kenya Private Limited, Triggerise Stichting Ethiopia branch, Triggerise India, Triggerise BV, Triggerise South Africa Pty Limited and Triggerise LABS Unipessoal Lda  (“us”, “our” or “we”). It is vitally important to us that our customers (the “users”) feel secure when using the services, products and information that we provide through our various platforms.

This policy sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed. Please read this Privacy Policy carefully to understand the types of data we collect from you, how we use it, the circumstances under which we will share it with third parties, and your rights in relation to the personal data you provide us.

When using our platform, apps, sites (the “Services”), you will be asked to indicate your acknowledgment of, and where applicable, give your consent to the practices described in this policy.

SECTION 1 – WHO WE ARE

This Privacy Policy applies to data processing by: Triggerise Stichting and its affiliates in Kenya, Ethiopia, India, Portugal, South Africa and the Netherlands.  

Questions, comments and requests regarding this Privacy Policy are welcome and should be addressed to privacy@triggerise.org. Our Data Protection Officer is Admillo Ribeiro.

SECTION 2 – GENERAL OVERVIEW OF OUR DATA PROCESSING IN CONNECTION WITH SERVICES, PRODUCTS AND INFORMATION

Information you provide to us. 

 You will be asked to provide us with your information when you:

  • fill in forms on our websites, our applications, our digital assets (such as Facebook Messenger, Twitter, Whatsapp, Instagram or correspond with us by SMS, phone, email or otherwise;
  • register/enrol to use our services, products or offers, subscribe to our newsletter, promotional emails or other marketing materials;
  • use the services or products that you receive through our platforms;
  • rate the services or products that you receive on our platforms
  • report a problem with services or products received; or
  • Complete any surveys or studies that we use for research purposes to evaluate our services or improve the quality of services that we provide to you

The information you will be asked to provide us for these purposes may include your gender, date of birth, phone number, products or services you received, locations of places where you received a product, service or information, redeemed rewards or further information required to verify your identity such as an image of your face.

SECTION 3 – SPECIFIC PROCESSING ACTIVITIES, TYPE AND PURPOSE OF THEIR USE 

3.1 WHEN YOU USE OUR WEBSITES

Types of data: IP address of the requesting device, date and time of access, name and URL of the requested file, website from which access is obtained (“Referrer URL”), browser used and, where applicable, your device’s operating system and the identity of your access provider.

Uses of that data: We use the above data to provide you with access to our Website, ensure that the Website can establish an internet connection smoothly and is easy to use; to analyse the system security and stability, as well as for additional administrative purposes.

Use justification: Legitimate interests (Article 6 (1) (f) GDPR). Our legitimate interest is based on the data collection purposes listed above. We do not use the data collected for the purpose of identifying you. You are not obliged to provide the above personal data. However, you will not be able to access the websites if such personal data are not provided.

Storage duration: The data that allows us to identify a user is removed after 14 days, unless any security-relevant event occurs (e.g. a DDoS attack). If there is a security-relevant event, server log files are stored until the security-relevant event has been eliminated and clarified in full.

3.2 WHEN YOU REGISTER OR ENROL TO RECEIVE SERVICES OR PRODUCTS ON THE PLATFORMS THAT WE MANAGE

Types of data include: gender, date of birth, image of your face

Uses of that data: We use the above data to provide you with a user account and access to services, products and information that we provide through our platforms. It is not possible to access our services if the (non-optional) data is not provided.

Use justification: Contract performance (Article 6 (1) (b) GDPR / consent (Article 9 (2) (a) GDPR).

Storage duration: Your data is deleted or anonymized (and cannot be associated with a specific natural person) when you request deletion of your account. If your account is inactive for more than 12 months, we will contact you to check whether you wish to continue using our services. If you then leave your user account unused for a subsequent 12 months, we will delete your account and anonymize your data (such that it cannot be associated with a specific natural person).

3.3 WHEN YOU RECEIVE SERVICES, PRODUCTS OR INFORMATION ON THE PLATFORMS THAT WE MANAGE

Types of data include: gender, date of birth, image of your face, type of service, product or information that you received,  actor that provided you with the service or product date you received the service, product or information,  your assessment of the quality of the services, products and information that you received, whether you redeem incentives such as loyalty points (‘Tiko Miles’) and if so, where you redeemed the incentives/loyalty points and how much of the incentives/loyalty points you spent

Uses of that data: We use the above data to provide you with access to services, products and information that we provide through our platforms. We also use the data to improve the quantity and quality of  service, products and information that you recieve, to verify and validate the services, products and information you received, to reimburse vendors and service providers for services, products and information you received, verify your eligibility to access and utilise services, products and information from our platforms,to implement research interventions such as randomised controlled trials, to evaluate the effectiveness of research interventions, to report to funders of the services, products or information provided on our platforms; to conduct user research and to follow up with you on how we can improve the quality of the services, products and information that you received on our platforms. It is not possible to access our services, product or information (non-optional) if data is not provided.

Use justification: Contract performance (Article 6 (1) (b) GDPR / consent (Article 9 (2) (a) GDPR).

Storage duration: Your data is deleted or anonymized (and cannot be associated with a specific natural person) when you request deletion of your account. 

3.4 DIRECT MARKETING TO YOU OF SERVICES, PRODUCTS OR INFORMATION AVAILABLE ON THE PLATFORMS THAT WE MANAGE

Types of data include: gender, date of birth, image of your face, type of service, product or information that you received,  date you received the service, product or information,  your assessment of the quality of the services, products and information that you received, whether you redeem loyalty points (‘Tiko Miles’) and if so, where you redeemed the loyalty points and how much of the loyalty points you spent. 

Uses of that data: We use the above data to promote services, products or provide you with information that we believe will be of interest to you. You can modify your marketing settings at any time by either (1) sending the text “STOP” to any of the short code number that you used to enrol on our services (2) contacting and informing a mobiliser that assisted in enrolling/registering you on our platform (3) calling us directly on the numbers shared with you (4) sending a Whatsapp or Facebook message saying “stop” or (5) sending an email to us 

Use justification:Consent (Article 6 (1) (a) GDPR).

Storage duration: Your data is deleted or anonymized (and cannot be associated with a specific natural person) when you request deletion of your account. 

3.5 USE OF DATA RELATED TO YOUR HEALTH FOR RESEARCH AND STATISTICAL PURPOSES

Types of data include:  records of the health products or services that you have received from us, other health data that you have provided to us directly or indirectly during your usage of our products or services.

Uses of that data: We process this data to carry out research relating to the use and uptake of sexual reproductive health services and products and to prepare aggregate statistics on the geographical utilisation of health products, services or information which may be matched with demographic information we hold about you . Where any such data is made publicly available, it will be presented as summarized statistics on an anonymized basis.

Use justification: The processing is necessary for scientific research or statistical purposes and we publish anonymized and summarized statistics from which the identification of a specific natural person is impossible (Art. 9 (2)(j) DSGVO; Sec. 27 (1) BDSG). Our legitimate interest in processing data for these purposes is to report to our funders and donors and to statutory reporting to the ministries of health and to support progress in universal access to health care which is also in the public interest. You may, for reasons arising from your particular situation, object to such a processing at any time by sending an e-mail to privacy@triggerise.org

Storage duration: The storage duration of your data on the basis of which we create the statistics corresponds to the period of processing according to Section 3.2. If you object to your data processing, your data will no longer be used for this purpose. The statistics are anonymous.

SECTION 4 – COOKIES AND TRACKING ON OUR WEBSITES

Our Websites uses so-called “cookies”. Cookies are text files that are stored in the Internet browser or by the Internet browser on the user’s device (computer, tablet, or phone). We use the term “cookies” to refer to all tools that collect data on our Website (e.g. IP addresses, place and time of the visit of the users). The user’s data collected in this way is pseudonymized. The data is not stored together with the user’s other personal data. This processing is carried out on a legal basis or, where required by law, based on your consent.

SECTION 5 – WHERE DO WE STORE YOUR PERSONAL DATA

The personal data that we collect from you is stored in the European Union on (Europe) Cloud Servers of Amazon Web Services EMEA S.A.R.L. with a business seat in Luxembourg. This data may, however, be processed by sub-processors operating outside of the European Economic Area (“EEA”) based on a data processing agreement if the additional requirements of Art. 44 et seq. GDPR for processing in third countries are compliant with an appropriate level of protection in the third country and appropriate guarantees under Art. 46 GDPR (such as standard data protection clauses, or exceptional circumstances under Art. 49 GDPR). 

Sensitive information between your browser and our Website is transferred in encrypted form using Transport Layer Security (“TLS”). When transmitting sensitive information, you should always make sure that your browser can validate our certificate.

SECTION 6 – DISCLOSURE OF YOUR PERSONAL DATA

We use technical service providers to operate and maintain our Services, who act as our processors based on a data processing agreement. Service providers who process personal data on our behalf outside the EEA (or “third countries”) will only be used if the recipient has received a European Commission decision on appropriateness or suitable or appropriate guarantees for this third country or another appropriate safeguard permitting transfer is available under applicable legislation. In addition, we do not transfer your personal data to third parties – except for the purposes listed in section 3 above.

Use justification: The legal basis for the transfer of personal data to the processor and the processing by the processor depends on the legal basis on which we, as data controllers, rely (see Section 3 above)

If we are required based on local laws in the jurisdiction in which we or our affiliates operate to disclose or share your personal data.

Use justification: Legal obligation.

We may also share your personal data with trusted research partners who may process information on behalf of Triggerise for the purposes set out in this privacy notice pursuant to appropriate data processing agreements that provide full protection for your personal data. 

SECTION 7 –  HOW LONG DO WE RETAIN YOUR PERSONAL DATA

We will hold the above data for as long as it is necessary in order to provide you with the Services, deal with any specific issues that may arise or, otherwise, as it is required by law or by any relevant regulatory body. Specific storage periods for the respective processing activities are detailed in Section 3 above.

If your personal data is used for two different purposes, we will retain it until the purpose with the longest period expires, but we will stop using it for the purpose with the shorter period as soon as the shorter period expires.

We restrict access to your personal data to the persons who need to use it for the relevant purpose(s). Our retention periods are based on reasonable business needs, and your personal data that is no longer needed is either anonymized (and the anonymized data may be retained) or securely destroyed.

SECTION 8 –  YOUR RIGHTS

Under GDPR, you have various rights in relation to your personal data (as listed below). All of these rights can be exercised by contacting us at privacy@triggerise.org.

Right to withdraw consent: You have the right to withdraw your consent at any time by notifying us by email to the following address: privacy@triggerise.org or by sending an sms to any of the short codes that we use in the countries in which we operate. By withdrawing your consent, the lawfulness of the processing based on consent up until the point of withdrawal will not be affected. 

Right to object: You have a right to object under the conditions of Article 21 DSGVO. Below you will find more detailed information:

Right to object where the processing is based on legitimate interests: As a data subject, you have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data which is based on Article 6 (1) (e) or (f) GDPR, including profiling based on those provisions. In the event of an objection relating to your particular situation, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims. 

Right to object where we process your personal data for statistical purposes: If we process your personal data for statistical purposes pursuant to Article 9 (2) (j) DSGVO, Section 27 (1) BDSG, you have the right to object to such processing for reasons arising from your particular situation. In the event of such an objection, we will no longer process the personal data concerned for this purpose unless the processing is necessary to fulfil a task in the public interest, or the discontinuation of processing is likely to make it impossible or seriously impair the realisation of statistical purposes and the continuation of processing is necessary for the fulfilment of statistical purposes.

Right to object to direct marketing: Where your personal data are processed for direct marketing purposes, you have the right to object at any time to processing of your personal data for such marketing, which includes profiling to the extent that it is related to such direct marketing. If you object to processing for direct marketing purposes, we no longer process your personal data for these purposes.

To exercise your rights of objection, you may contact us at any time by sending an e-mail to privacy@triggerise.org. 

Right to be informed: As a data subject, you have a right to obtain access and information under the conditions provided in Article 15 GDPR. This means  that you have the right to obtain confirmation from us as to whether we are processing your personal data. If so, you also have the right to obtain access to the personal data and the information listed in Article 15 (1) GDPR. This includes information regarding the purposes of the processing, the categories of personal data that are being processed and the recipients or categories of recipients to whom the personal data have been or will be disclosed.

Right to erasure / “Right to be forgotten”: As a data subject, you have a right to erasure (“right to be forgotten”) under the conditions provided in Article 17 GDPR. This means that you generally have the right to obtain from us the erasure of your personal data and we are obliged to erase your personal data without undue delay when one of the reasons listed in Article 17 (1) GDPR applies. You can do this by deleting your account at any time. If we have made the personal data public and are obliged to erase it, we are also obliged, taking account of available technology and the cost of implementation, to take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you have requested the erasure by such controllers of any links to, or copy or replication of those personal data (Article 17 (2) of the GDPR. The right to erasure (“right to be forgotten”) does not by exception apply if the processing is necessary for one of the reasons listed in Article 17 (3) GDPR. This can be the case, for example, if the processing is necessary for compliance with a legal obligation or for the establishment, exercise or defence of legal claims (Article 17 (3) (b) and (e) GDPR).

Right to restriction of processing: As a data subject, you have a right to restriction of processing under the conditions provided in Article 18 GDPR. This means that you have the right to obtain from us the restriction of processing if one of the conditions provided in Article 18 (1) GDPR applies. This can be the case, for example, if you contest the accuracy of the personal data. In such a case, the restriction of processing lasts for a period that enables us to verify the accuracy of the personal data (Article 18 (1) (a) GDPR). Restriction means that stored personal data are marked with the goal of restricting their future processing (Article 4 No. 3 GDPR).

Right to data portability: As a data subject, you have a right to data portability under the conditions provided in Article 20 GDPR. This means that you generally have the right to receive your personal data with which you have provided us in a structured, commonly used and machine-readable format and to transmit those data to another controller without hindrance from us if the processing is based on consent pursuant to Article 6 (1) (a) or Article 9 (2) GDPR or on a contract pursuant to Article 6 (1) (a) GDPR and the processing is carried out by automated means (Article 20 (1) GDPR). In exercising your right to data portability, you also generally have the right to have your personal data transmitted directly from us to another controller if technically feasible (Article 20 (2) GDPR). 

Right to Rectification: As a data subject, you have the right to rectification under the conditions provided in Article 16 GDPR. This means in particular that you have the right to receive from us without undue delay the rectification of inaccuracies in your personal data and completion of incomplete personal data.

Right to complain: As a data subject, you have a right to lodge a complaint with a supervisory authority under the conditions provided in Article 77 GDPR. The supervisory authority responsible for us is Autoriteit Persoonsgegevens (The Dutch Data Protection Authority),PO Box 93374, 2509 AJ DEN HAAG, The Netherlands Tel: +31708888500.

Asking us to stop processing your personal data or deleting your personal data will likely mean that you are no longer able to use the services, products or information provided on our platforms or at least those aspects of the services, products or information which require the processing of the types of personal data you have asked us to delete, which may result in you no longer being able to use the services, products or information.

SECTION 9- CHANGES TO THIS POLICY

Any changes we make to our Privacy Policy in the future will be posted on this page, and where appropriate, notified to you by sms, email or other notifications. We therefore encourage you to review it from time to time to stay informed of how we are processing your data.