We want everyone to enjoy using ehoa. For this reason we'd like to reassure you of what we will and won't do with any information you provide or create in ehoa the app.

Please read our privacy policy below to make sure you're in the know.

Privacy

The Service is an energy, emotion, period and moon tracking tool created by Wahine marama ltd called ehoa. ehoa is undertaking research to explore the patterns in energy and emotions that someone feels when we understand where they are at within their menstrual cycle and the phases of the moon.  

In order to provide the Service, the mobile application, the research, the Website, and to otherwise conduct its business, ehoa may collect some personal information about you. Personal information is information that can be used to personally identify you such as your name, location, iwi, email address and information about your menstrual cycle. We understand that this is highly sensitive information, and we want to ensure that this information is protected as we know you do too! Thats why we are implementing industry best practices and standards to keep your information safe and secure.

Privacy Protected

Where you provide personal information to us, we will comply with the New Zealand Privacy Act 2020 and other applicable privacy laws and data protection laws (if applicable) (together, “Privacy Laws”). This document is our privacy policy and it tells you how we collect and manage your personal information.

Personal information is information about an identifiable individual (a natural person), and includes personal data, personally identifiable information and equivalent information under applicable privacy and data protection laws.

This privacy policy does not limit or exclude any of your rights under Privacy Laws. For further information on the New Zealand Privacy Act 2020, see www.privacy.org.nz.

This privacy policy was drafted with brevity and clarity in mind. It does not provide exhaustive detail of all aspects of our collection and use of personal information. We are happy to provide any additional information or explanation needed. Any request for further information should be sent to hello@ehoa.app.

Definitions

In this privacy policy:

ehoa means the Service provided for anyone that downloads and uses the ehoa mobile application.

Service means the services offered on the mobile application available on the apple and google app stores.

User Data means any Content, materials or other information that you post to the Service or provide to us or in connection with accessing the Service

Website means the internet sites ehoa owns and operates, including www.ehoa.app.

Any further capitalised terms used but not defined in this privacy policy have the meanings given to them in ehoa’s Terms of Use.

Kinds of personal information we collect:

We may collect the following information from the following types of users:

Research Participants

1. If you are a ehoa research participant: country, iwi and data that you have input in relation to your energy, emotions and menstrual cycle. All other information about you including identifying information will not be disclosed as part of our research findings.

Users 

1. We may collect your full name, we may also collect personal information generated by your use of the Services, such as transactional information, data that you have input and behaviour while using the app.
2. If you are using ehoa, we may also collect your date of birth.

We may also collect some information that is not personal information because it does not identify you or anyone else. For example, we may collect anonymous answers to surveys or aggregated information about how users use our App, Website or Services.

The ways we collect personal information:

We collect your personal information directly from you unless it is unreasonable or impracticable to do so. When collecting personal information from you, we may collect it in different ways including:

1. through your access and use of our App, Website, including when you fill in a contact or enquiry form or sign up to our newsletter or other electronic alerts;
2. during conversations between you and our representatives (including telephone phone and email); or
3. when you use the Services, including when you create an account and input data.

What happens if we can’t collect your personal information?

If you do not provide us with the personal information described above, some or all of the following may happen:

1. we may not be able to provide the Services to you (either to the same standard or at all);
2. we may not be able to provide you with information about Services that you may want; or
3. we may be unable to tailor the content of our App, Website or Services to your preferences and your experience using these may not be as enjoyable or useful.

Use of personal information:

We collect personal information about you so that we can perform our Research, business activities and functions (such as providing you with the Services and Application and Website) and to provide the best quality of customer service.

The personal information provided to us is collected, and may be used, for:

1. Completing the Research Project that we are undertaking and publicly presenting the findings of our research (no user will be identified in the research) for the purposes of uncovering new knowledge to help women and people with periods have a deeper understanding of their bodies and lives.
2. providing or improving the Application, Service and Website (including processing or responding to any request or complaint made by you);
3. monitoring Service and Application and Website usage and compliance with any contracts you have entered into with us;
4. carrying out internal research and development;
5. providing information to you about additional products or services that may be of interest to you (including direct marketing);
6. if you are either an Organisation or a Private user:  providing billing details (names and email addresses) of users accessing the Service under that plan to Banqer’s sponsorship partner, for auditing purposes only;
7. compliance with any law, rule, regulation, lawful and binding determination, decision or direction of a regulator, or in co-operation with any governmental authority of any country; or
8. for any other purpose authorised by you or applicable law.

In addition to any circumstances allowing us to use or disclose personal information under the Privacy Laws, we may use or disclose your personal information where reasonably necessary to investigate any complaint or to protect your, our or another person’s rights or safety.

You can stop receiving our marketing emails by following the unsubscribe instructions included in those emails or contacting us at hello@ehoa.app

Disclosure of personal information:

We may disclose your information to:

1. our employees, related bodies corporate, contractors or service providers for the purposes of operating our Application, Website, our research, business or the Services, fulfilling requests by you, and to otherwise provide the Services and Website to you including, without limitation, web hosting providers, IT system administrators, mailing houses, couriers, payment processors, data entry service providers, electronic network administrators and professional advisors (such as accountants, solicitors, business advisors and consultants);
2. suppliers and other third parties with whom we have commercial relationships (such as our sponsorship partners) for internal business audits. Aggregate and anonymised data may also be provided for marketing campaigns and related purposes;
3. persons who can require us to supply your personal information (e.g. a law enforcement agency or regulatory authority) or authorised by applicable law; and
4. any other person for any authorised purpose with your express consent.

If we enter into an agreement for a bona fide sale of our business (assets or shares, whether in whole or in part) to a third party, your personal information may be transferred to the third party purchaser. You acknowledge and agree that such transfers may occur, and that any acquirer of ehoa or its assets may continue to access and use the User Data and User Submissions as set out in the Terms of Use and this privacy policy.

Collection and use of aggregate personal information

You agree that we may retain and aggregate personal information, including your User Data and User Submissions, for our research, marketing purposes and may provide aggregate personal information to third parties, provided that such use does not enable the identification of any individual, i.e. is anonymised.

International transfer of personal information:

A person or business that supports our application, website, products and services may be located outside of New Zealand (the country where we are incorporated) and also outside of the country where you are located. This means that the personal information we collect may be transferred to, and stored in, a country outside of New Zealand and the country where you are located.

Protecting your personal information:

As required by applicable law, we will take steps to keep your personal information safe from loss, unauthorised activity, or other misuse. We implement appropriate technical and organisational measures to ensure a level of security appropriate to the risks inherent in processing personal information.

You play an important role in keeping your personal information secure by maintaining the confidentiality of any password and accounts used in relation to our products and services. You should not disclose your password to third parties.

If you become aware or suspect that any unauthorised person has obtained, or attempted to obtain, access to personal information or has used or attempted to use personal information for purposes not authorised or permitted by our Terms of Use or this privacy policy:

1. you must immediately notify us; and
2. we may at our discretion take such steps as are reasonably available to us to identify that unauthorised person and to prevent that access. To avoid doubt, where the unauthorised access or use is by a Private User or a student, teacher or employee of an Institution, or is caused by a breach of the Terms of Use or any part of this privacy policy by a Private User or a student, teacher or employee of an Institution, the relevant unauthorised or breaching person must pay us reasonable costs related to taking such steps.

Cookies:

We may store personal information through the use of cookies. Cookies are alphanumeric identifiers that the Website or Services transfer to your computer’s hard drive to enable our systems to recognise your browser.

We use the term cookies in this privacy policy to mean cookies or similar technologies such as web beacons, clear GIFs, and pixel tags.

The cookies we use may be first party cookies (i.e. set by us) or third party cookies (i.e. cookies set on our website by a person other than us). The third party companies that place cookies on our website will have their own privacy policies.

For visitors to our Website that have not created an account with us, we may use cookies to track the user as they navigate the Website and to improve the Website’s usability. These cookies do not collect any personal information about the user.

If you set up an account with us, we may use cookies to manage the signup process, to remember who you are while you are using the Service, to track your use of the Service and to improve the Service’s usability. These cookies will usually be deleted when you log out of the Service, however in some cases they may remain after you have logged out to enhance the experience when you return to the Service at a later date.

From time to time we may test new features and make subtle changes to the way the Service is presented. When we are testing new features, cookies may be used to ensure that you receive a consistent experience while using the Service, whilst also ensuring we understand which changes our users appreciate the most.

We use cookies provided by Google Analytics to track things such as how long you spend on the Website and the pages that you visit. For more information on Google Analytics cookies, see the official Google Analytics page.

You can prevent the use of cookies by adjusting the settings on your browser (see your browser help for how to do this). Be aware that disabling cookies will affect, or may disable, some or all of the functionality and features of the Service or Website.

Accessing or updating your personal information:

You have the right to access and request correction of any personal information that we hold about you, subject to certain exceptions (for example, where disclosure would interfere with the privacy of others or breach confidentiality). If you believe any information we hold about you is incorrect, incomplete or inaccurate, then you may request that it be amended. Before you exercise this right, we will need evidence to confirm that you are the individual to whom the personal information relates.

Where we hold information that you are entitled to access, we will try to provide you with a suitable means of accessing it (for example, by emailing it to you).

We may charge a fee to cover our administrative and other reasonable costs in providing the information to you. We will not charge you for simply making a request.

Please contact hello@ehoa.app if you would like to request access to or update your personal information. Your email should provide evidence of who you are and set out the details of your request (e.g. the personal information to be corrected and the correction that you are requesting).

Subject to applicable law, we may charge you our reasonable costs of providing to you copies of your personal information or correcting that information.

Internet use:

While we take reasonable steps to maintain secure internet connections, if you provide us with personal information over the internet, the provision of that information is at your own risk.

If you follow a link on our application or website to another website, the owner of that website will have its own privacy policy relating to your personal information. We suggest you review that website’s privacy policy before you provide personal information to that owner or website.

Data retention policy:

The personal information that we collect and use will not be kept longer than necessary for the purposes for which it is collected, or for the duration required for compliance with applicable law, whichever is longer.

Complaints:

If you believe that your privacy has been breached, please contact us on hello@ehoa.app and provide details of the incident so that we can investigate it.

Please make this request in writing. We will attempt to confirm with you as appropriate and necessary your understanding of the conduct relevant to the complaint and what you expect as an outcome. We will inform you whether we will conduct an investigation and who will handle the investigation process.

After we have completed our investigation, we will contact you to advise the outcome and invite a response to our conclusions about the complaint. If we receive a response from you, we will assess it and advise if we have changed our view.

Contact us:

If you have any questions about this privacy policy, please use the contact link on our Website or contact us using the details set out below.

Please contact us at: hello@ehoa.app

Changes to our privacy policy:

We may change this privacy policy from time to time. Any updated versions of this privacy policy will be posted on our Website. Please review it regularly. The change will apply from the date that we upload the revised privacy policy.

This privacy policy was last updated on Thursday 30th May 2024

Law:

For the purposes of this Privacy Policy, ehoa means Wahine Marama Limited, a New Zealand Company with the company number 8423646. The relationship we have with you in connection with this Privacy Policy is governed and construed in accordance with the laws stated of New Zealand, and is subject to the exclusive jurisdiction of the courts of New Zealand.

Data Management Plan 

Overview

The purpose of this document is to articulate the process and policies that govern how data moves through the known lifecycle of ehoa data. For context, ehoa data follows a typical data lifecycle with the following stages; collect, describe, store short-term, analyse and check, use, save or destroy.

Usage

It is required that all ehoa employees, contractors, or relevant stakeholders who have any influence over any stage of the data lifecycle familiarise themselves with, and adhere to the plan.

 

Whilst considered an internal document, aspects of this document are able to be shared with external stakeholders (such as customers) should it be requested. It’s important that we’re able to validate the confidence of those who provide us with their data. Should a request to access this plan be received, any response should be reviewed by the owner of the Data Management Plan prior to information being released. This review is to ensure that the information we expose doesn’t unintentionally expose ehoa to any privacy or security vulnerabilities.

Review and Update Mechanism

The dynamic nature of data management necessitates regular reviews and updates to our Data Management Plan. This plan will be reviewed quarterly by the document owner to ensure its continued relevance and effectiveness. 

Additionally, in response to significant changes in the data landscape, whether technological, legal, or project-specific, the plan will be revised accordingly. This approach ensures that our data management practices remain at the forefront of industry standards, adapting to the evolving needs of ehoa and stakeholders.

Types of Data

ehoa is committed to handling a comprehensive range of data types, each integral to the application's functionality and user experience. The handling of this varied data set necessitates a robust and sensitive approach to data management, particularly considering the personal and sensitive nature of the information.

These data types include:

• Quantitative Health Data: Cycle lengths, symptoms, energy, emotions and other measurable health metrics.
• Qualitative Health Data: Personal health experiences, narratives, and feedback.
• Personal Identifiers: Names, email addresses, dates of birth, and other personal information.
• App Usage Data: Information on how users interact with the app, including usage patterns and preferences.
• Feedback and Survey Responses: User-generated responses to in-app surveys or feedback mechanisms.
• Cultural and Demographic Information: Data reflecting users' cultural backgrounds and demographic details, important for understanding the diverse needs and contexts of the user base.

This diverse array of data underscores our commitment to a nuanced and multifaceted data management approach, one that respects the personal and sensitive nature of the information we handle.

Data Collection and Documentation

All data for ehoa will be collected directly through the application. This method ensures a streamlined and user-centric approach to data gathering. To augment the integrity and usability of the data, ehoa will develop comprehensive data dictionaries and coding schemes, particularly for qualitative data. This documentation provides clear guidelines and standards for data collection, processing, and interpretation, thereby ensuring consistency and reliability in the data handling processes.

Data Storage and Security

The storage of data will be executed using a combination of AWS servers and local storage solutions, providing a balance between accessibility and security. To safeguard the sensitive data, robust encryption methods and stringent access controls will be implemented. ehoa will adhere to a well-defined backup strategy, ensuring data resilience and continuity. Compliance with all relevant data protection legislation will be a cornerstone of our data storage and security strategy, reflecting our commitment to ethical data management practices.

Data Access and Sharing

In alignment with the ehoa’s commitment to contributing to broader research and understanding, ehoa will share aggregated and anonymized data with researchers and organisations requiring access to our findings. However, this sharing will be meticulously controlled and executed over secure data sharing platforms. Access to this data will be strictly time-bound, ensuring that data sharing is both responsible and relevant.

Data Retention

ehoa retains user data for a period necessary to fulfil the purposes for which it was collected, typically aligning with the duration of a user's engagement with the app, plus a standard post-engagement period to comply with any legal and research obligations. The specific retention periods vary based on data type, purpose of use, and legal requirements:

• User-Requested Data Destruction: In accordance with our commitment to user privacy and autonomy, ehoa honours requests from users to destroy their personal data. Upon such a request, we will securely and effectively erase the user's personal data from our systems, except where retention is required by law or for legitimate business or research purposes. This process is guided by clear protocols to ensure that the data is irretrievably deleted while maintaining the integrity of our systems and compliance with legal obligations.
• Post-Retention Period: After the expiration of the retention period or following a user’s request for data destruction, ehoa securely destroys or anonymizes the data. This ensures that the information is no longer identifiable or accessible, adhering to our strict data security and privacy standards.

These practices are part of ehoa's broader commitment to respecting user rights, upholding Māori data sovereignty, and maintaining the highest standards of data privacy and security.

Data Preservation

The long-term preservation of data collected by ehoa is a critical component of our data management strategy. ehoa will utilise trusted digital repositories in Aotearoa, ensuring that the data is stored in a secure, accessible, and sustainable manner. The choice of data formats for long-term storage, such as CSV, JSON, and TXT, reflects our commitment to future-proofing our data. Regular backups and a proactive approach to data migration will further bolster our data preservation efforts.

Roles and Responsibilities

The responsibility for managing the diverse aspects of ehoa’s data lifecycle rests primarily with ehoa employees. Under the leadership of Michele Wilson (Kaihautū / CEO), the team is committed to upholding the highest standards of data management. Our technology partnership with Wellington specialists, Abletech, further enhances our capabilities, bringing in additional expertise and resources.

Compliance and Ethical Considerations

ehoa is firmly committed to complying with the New Zealand Privacy Act, ensuring the respectful and lawful handling of personal information. ehoa places a high premium on the ethical management of health information, reflective of the sensitive nature of the data we handle. Additionally, in alignment with Te Mana Raraunga principles, we are dedicated to upholding Māori data sovereignty, ensuring that our data practices are in harmony with Māori values and ethics. Regular reviews will be conducted to ensure ongoing compliance with all legal and ethical standards.

Document owner: Michele Wilson (Kaihautū / CEO | ehoa)

Document reviewer: Kendall Flutey (Technology advisor)

Document last updated: 6 June 2024