HEADWAY: Fun & Easy Growth
In order to use the services, we will ask you to enter information about your reading preferences, name, email. We also automatically collect from your device language settings, IP address, time zone, type and model of a device, device settings, operating system, Internet service provider, mobile carrier, hardware ID, and other unique identifiers (such as IDFA and AAID). We need this data to provide our services, analyze how our customers use the service, to serve ads.
For improving ourservice and serving ads, we use third party solutions. As a result, we may process data using solutions developed by Facebook, Google, Twitter, Appsflyer, Amplitude, Firebase, Snapchat, Pinterest, Apple, Digital Ocean, Vercel, Iterable, Zendesk, PayPal, Stripe, Microsoft, Tableau, TikTok. Some of the data is stored and processed on servers of such third parties. This enables us to: (1) analyze different interactions (how often users make subscriptions, what is the most popular users’ reading goal, what is the average time spent by users on reading); (2) serve ads (and to show them only to a particular group of users, for example, to subscribers). Consequently, we, in particular, better understand in what of our features and content you see the most value and are able to focus on them to enhance your experience and increase the quality of our products.
“GDPR” means the General Data Protection Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.
“EEA” includes all current member states to the European Union and the European Economic Area. For the purpose of this policy EEA shall include the United Kingdom of Great Britain and Northern Ireland.
“Process”, in respect of personal data, includes to collect, store, and disclose to others.
Table of contents
UNDER WHAT LEGAL BASES WE PROCESS YOUR PERSONAL DATA (Applies only to EEA-based users)
1. Categories of personal data we collect
We collect data you give us voluntarily (for example, when you enter your reading preferences, name, email). We also may receive data about you from third parties (for example, when you sign in via Google). We also collect data automatically (for example, your IP address) and use third-party service providers for such collection.
2. For what purposes we process your personal data
We process your personal data:
2.1 To provide our Services
This includes enabling you to use the Services in a seamless manner and preventing or addressing Services errors or technical issues.
2.2 To customize your experience
We process your personal data, such as reading preferences, to adjust the content of the Services and make offers tailored to your personal preferences. As a result of such processing, we will show in App more books from, for example, “Self-Growth” category.
2.3 To manage your account
2.4 To communicate with you regarding your use of our Services
We communicate with you, for example, by push notifications or by emails. These may include reminders and motivational messages encouraging you to continue reading, or other information about the Services. As a result, you may, for example, receive a push notification every day at a particular time reminding you to read. To opt out of receiving push notifications, you need to change the settings on your device. To opt-out of receiving emails, you should click unsubscribe link in the footer of our email.
2.5 To provide you with customer support
We process your personal data to respond to your requests for technical support.
2.6 To research and analyze your use of the Services
This helps us to better understand our business, analyze our operations, maintain, improve, innovate, plan, design, and develop the Services and our new products. We also use such data for statistical analysis purposes, to test and improve our offers. This enables us to better understand what features and categories of books our users like more, what categories of users use our Services. As a consequence, we often decide how to improve the Services based on the results obtained from this processing. For example, if we discover that users more often read book summaries from “Productivity” category, we may create and introduce more of book summaries into this category.
2.7 To send you marketing communications
We process your personal data for our marketing campaigns. We may add your email address to our marketing list. As a result, you will receive information about our products, such as for example, special offers. If you do not want to receive marketing emails from us, you can unsubscribe following instructions in the footer of the marketing emails.
We may send you push notifications for marketing purposes. To opt out of receiving push notifications, you need to change the settings on your device.
2.8 To personalize our ads
We and our partners, including Facebook and Google, use your personal data to tailor ads and possibly even show them to you at the relevant time. For example, if you have installed our App, you might see ads of our products, for example, in your Facebook’s feed.
How to opt out or influence personalized advertising
iOS: On your iPhone or iPad, go to Settings > Privacy & Security > Apple Advertising and deselect Personalized Ads.
Android: To opt-out of ads on an Android device, go to Settings > Privacy > Ads and enable Opt out of Ads personalization. In addition, you can reset your advertising identifier in the same section (this also may help you to see less of personalized ads).
macOS: On your MacBook, you can disable personalized ads: go to System Preferences > Security & Privacy > Privacy, select Apple Advertising, and deselect Personalized Ads.
Windows: On your laptop running Windows 10, you shall select Start > Settings > Privacy and then turn off the setting for Let apps use advertising ID to make ads more interesting to you based on your app activity. If you have other Windows version, please follow the steps here.
Browsers: It is also may be possible to stop your browser from accepting cookies altogether by changing your browser’s cookie settings. You can usually find these settings in the “options” or “preferences” menu of your browser. The following links may be helpful, or you can use the “Help” option in your browser.
Cookie settings in Internet Explorer
Cookie settings in Firefox
Cookie settings in Chrome
To learn even more about how to affect advertising choices on various devices, please look at the information available here.
In addition, you may get useful information and opt out of some interest-based advertising, by visiting the following links:
Network Advertising Initiative – http://optout.networkadvertising.org/
Digital Advertising Alliance – http://optout.aboutads.info/
Digital Advertising Alliance (Canada) – http://youradchoices.ca/choices
Digital Advertising Alliance (EU) – http://www.youronlinechoices.com/
DAA AppChoices page – http://www.aboutads.info/appchoices
Google allows its users to opt out of Google’s personalized ads and to prevent their data from being used by Google Analytics.
2.9 To process your payments
We provide paid products and/or services within the Services. For this purpose, we use third-party services for payment processing (for example, payment processors). As a result of this processing, you will be able to make a payment for a subscription and we will be notified that the payment has been made.
We will not store or collect your payment card details ourselves. This information will be provided directly to our third-party payment processors.
2.10 To enforce our Terms and Conditions of Use and to prevent and combat fraud
We use personal data to enforce our agreements and contractual commitments, to detect, prevent, and combat fraud. As a result of such processing, we may share your information with others, including law enforcement agencies (in particular, if a dispute arises in connection with our Terms and Conditions of Use).
2.11 To comply with legal obligations
We may process, use, or share your data when the law requires it, in particular, if a law enforcement agency requests your data by available legal means.
3. Under what legal bases we process your personal data (applies only to EEA-based users)
In this section, we are letting you know what legal basis we use for each particular purpose of processing. For more information on a particular purpose, please refer to Section 2. This section applies only to EEA-based users.
We process your personal data under the following legal bases.
3.1 Your consent
Under this legal basis we will send you marketing emails. You have the right to withdraw your consent at any time by clicking on unsubscribe link in the footer of our marketing emails.
3.2 Performing our contract with you
Under this legal basis we:
Provide our Services (in accordance with our Terms and Conditions of Use);
Customize your experience;
Manage your account and provide you with customer support;
Communicate with you regarding your use of our Services; and
Process your payments.
3.3 Legitimate interests, unless those interests are overridden by your interests or fundamental rights and freedoms that require protection of personal data
We rely on legitimate interests:
to communicate with you regarding your use of our Services
This includes, for example, sending you push notifications proposing you to read a new book summary. The legitimate interest we rely on for this purpose is our interest to encourage you to use our Services more often. We also take into account the potential benefits to you of reading more of book summaries, which may help you to advance in life and career.
to research and analyze your use of the Services
Our legitimate interest for this purpose is our interest in improving our Services so that we understand users’ preferences and are able to provide you with a better experience (for example, to make the use of App or the Website easier and more enjoyable, or to introduce and test new features).
to send you marketing communications
The legitimate interest we rely on for this processing is our interest to promote our Services in a measured and appropriate way.
to personalize our ads
The legitimate interest we rely on for this processing is our interest to promote our Services in a reasonably targeted way.
to enforce our Terms and Conditions of Use and to prevent and combat fraud
Our legitimate interests for this purpose are enforcing our legal rights, preventing and addressing fraud and unauthorised use of the Services, non-compliance with our Terms and Conditions of Use
3.4 Compliance with legal obligations
4. With whom we share your personal data
4.1 Service providers
We share personal data with third parties that we hire to provide services or perform business functions on our behalf, based on our instructions. We share your personal information with the following types of service providers:
cloud storage providers (Google, Digital Ocean, Vercel, Namecheap);
data analytics providers (Facebook, Google, Appsflyer, Firebase, Amplitude, Tableau);
measurement partners (RevealBot, Clarity, Sentry, CookieYes);
marketing partners (in particular, social media networks, marketing agencies, Facebook, Google, Twitter, TikTok, Snapchat, Pinterest, Microsoft, LinkedIn);
payment processing providers (Stripe, Solidgate, PayPal); and
communication services providers (Iterable, Zendesk).
4.2 Law enforcement agencies and other public authorities
We may use and disclose personal data to enforce our Terms and Conditions of Use, to protect our rights, privacy, safety, or property, and/or that of our affiliates, you or others, and to respond to requests from courts, law enforcement agencies, regulatory agencies, and other public and government authorities, or in other cases provided for by law.
4.3 Third parties as part of a merger or acquisition
As we develop our business, we may buy or sell assets or business offerings. Customers’ information is generally one of the transferred business assets in these types of transactions. We may also share such information with any affiliated entity (e.g. parent company or subsidiary) and may transfer such information in the course of a corporate transaction, such as the sale of our business, a divestiture, merger, consolidation, or asset sale, or in the unlikely event of bankruptcy.
5. How you can exercise your privacy rights
To be in control of your personal data, you have the following rights:
Accessing / reviewing / updating / correcting your personal data. You may review, edit, or change the personal data that you had previously provided on the Services.
Deleting your personal data. You can request erasure of your personal data as permitted by law.
When you request deletion of your personal data, we will use reasonable efforts to honor your request. In some cases, we may be legally required to keep some of the data for a certain time; in such event, we will fulfill your request after we have complied with our obligations.
Objecting to or restricting the use of your personal data. You can ask us to stop using all or some of your personal data or limit our use thereof.
Additional information for EEA-based users:
If you are based in the EEA, you have the following rights in addition to the above:
The right to lodge a complaint with supervisory authority. We would love you to contact us directly, so we could address your concerns. Nevertheless, you have the right to lodge a complaint with a competent data protection supervisory authority, in particular in the EU Member State where you reside, work or where the alleged infringement has taken place.
The right to data portability. If you wish to receive your personal data in a machine-readable format, you can send respective request to us as described below.
To exercise any of your privacy rights, please send a request to firstname.lastname@example.org.
6. Age limitation
We do not knowingly process personal data from persons under 16 years of age. If you learn that anyone younger than 16 has provided us with personal data, please contact us at email@example.com.
7. International data transfers
In particular, if we transfer personal data originating from the EEA to countries with not adequate level of data protection, we use one of the following legal bases: (i) Standard Contractual Clauses approved by the European Commission (details available here), or (ii) the European Commission adequacy decisions about certain countries (details available here).
9. Supplemental notice for California residents
This Supplemental California Privacy Notice only applies to our processing of personal information that is subject to the California Consumer Privacy Act of 2018 (the “CCPA”). The CCPA provides California residents with the right to know what categories of personal information we have collected about them and whether we disclosed that personal information for a business purpose (e.g., to a service provider) in the preceding twelve months. California residents can find this information below.
Category of Personal Information Collected
Categories of Third Parties Personal Information is Disclosed to for a Business Purpose
Users or third parties you share with
Personal information categories listed in Cal. Civ. Code § 1798.80(e)
Users or third parties you share with
Payment solutions partners
Internet or other electronic network activity
Users or third parties you share with
Inferences drawn from other personal information to create a profile about a consumer
The categories of sources from which we collect personal information and our business and commercial purposes for using personal information are set forth above.
“Sales” of Personal Information under the CCPA. For purposes of the CCPA, we do not “sell” personal information, nor do we have actual knowledge of any “sale” of personal information of minors under 16 years of age.
Non-Discrimination. California residents have the right not to receive discriminatory treatment by us for the exercise of their rights conferred by the CCPA.
Authorized Agent. Only you, or someone legally authorized to act on your behalf, may make a verifiable consumer request related to your personal information. To designate an authorized agent, please contact us as set forth below.
Verification. When you make a request, we will ask you to provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative, which may include confirming the email address associated with any personal information we have about you.
If you are a California resident and would like to exercise any of your rights under the CCPA, please contact us as at firstname.lastname@example.org. We will process such requests in accordance with applicable laws.
10. Supplemental notice for Virginia residents
This Supplemental Virginia Privacy Notice only applies if you reside in the Commonwealth of Virginia. Where applicable, it describes how we use and process your personal data and explains your particular rights under Virginia Consumer Data Privacy Act (“VCDPA”).
Disclosures about the use of your personal data
We may collect and use certain information about you, some of which may be personal data (such as your name, email address, IP address, or other information which may be reasonably linked to you), in order to operate the Services and to maximize your experience.
If you would like more information about the categories of your personal data we collect or the purposes for which we collect them, please read Section 1 and Section 2. To learn more about sharing of your personal data with our business partners and other third parties, please read Section 4.
Additionally, VCDPA provides Virginia residents with these data rights:
Opt out of the Processing of your Personal Data for Targeted Advertising. In order to exercise your choice as a Virginia resident, please contact us at email@example.com with the subject line “Virginia Do Not Sell Request”. We will process such requests in accordance with applicable laws.
Please note that we do not process personal data for purposes of (1) the sale of personal data, as defined by the VCDPA, or (2) profiling in furtherance of decisions that produce legal or similarly significant effects concerning the consumer.
Confirm whether your Personal Data is being Processed. You may confirm whether your personal data is being processed by emailing us at firstname.lastname@example.org.
Appeal a Case with regard to your Request. In the case where we declined to take action on your data rights request or have rejected your request, you may contact us at email@example.com to initiate an appeal of this decision. Please use the subject line “Appeal of Refusal to Take Action on Privacy Request” and provide the relevant information in the email. Once we receive your appeal, we will notify you in writing within 60 days of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions.
If your appeal is denied, you may contact the Office of the Virginia Attorney General by these means:
Office of the Attorney General | Virginia.gov
202 North Ninth Street
Richmond, VA 23219
11. Supplemental notice for Nevada residents
If you are a resident of Nevada, you have the right to opt-out of the sale of certain personal information to third parties who intend to license or sell that personal information. You can exercise this right by contacting us at firstname.lastname@example.org with the subject line “Nevada Do Not Sell Request” and providing us with your name and the email address associated with your account. Please note that we do not currently sell your personal information as sales are defined in Nevada Revised Statutes Chapter 603A.
12. Data retention
13. How “Do Not Track” requests are handled
14. Personal data controller
GTHW App Limited, a company registered and acting under the laws of the Republic of Cyprus with registration number HE 395742, having its registered address at 24 Peiraios Str., 1st floor, Strovolos, 2023 Nicosia, Cyprus, will be the controller of your personal data.
15. Contact us
Last Update: 28 March 2023