Privacy Policy
1. General Provisions
1.1 Introduction. We place special emphasis on the protection of personal data of our users and other persons who provide us with their personal data. These Privacy Policy (hereinafter referred to as the "Privacy Policy") provide you with the necessary information on how we, Hodegami s.r.o., ID No.: 19739681, with its registered office at Vlastislavova 152/4, Nusle, 140 00 Prague 4, Czech Republic, collect, store, and further process your personal data in the position of data controller, particularly in connection with the provision of our services (hereinafter referred to as the "Services") via the mobile application Amicara (hereinafter referred to as the "Application"), our website www.amicara.ai
(hereinafter referred to as the "Website"), or in any other way.
1.2 Application. The Application helps users cope with family crises and assists during divorces and separations. However, the Application is not a medical device, and we do not provide healthcare services under the applicable legislation.
1.3 Use. This Privacy Policy explains and informs you about (i) how we collect and process your personal data, and (ii) what rights you have and how you may exercise them.
1.4 Familiarization. We recommend that you carefully read this Privacy Policy. By continuing to use our Website and providing your personal data, you confirm that you have been informed about how we use your personal data, as set out in this Privacy Policy and the relevant privacy notices.
1.5 Applicable Legislation. This Privacy Policy provides you with information arising from Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (hereinafter "GDPR").
2. Contact Details of the Controller
2.1 Contact Details. You can contact us directly at our email amicara@tkcgroup.cz or at our address (hereinafter referred to as the "Contact Details").
2.2 Data Protection Officer. We have appointed an external Data Protection Officer (DPO) whom you may contact with any questions or concerns regarding our personal data policies or practices. You can contact the DPO at dpo.amicara@tkcgroup.cz.
3. Terms and Definitions
identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, surname, date of birth, location data, or email.
3.2 Processing of Personal Data – means any operation or set of operations performed on your personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.
3.3 Controller – means a natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
3.4 Processor – means a natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller.
3.5 Purpose – means the reason for which the controller processes your personal data.
3.6 Cookies – a cookie is a small data file (text file) that a website – when visited by a user – asks the browser to store on your device in order to remember information about you, such as your language preferences or login details. The cookies we use can be divided into cookies we use ourselves (technical cookies), which are necessary to provide you with the functionality of the website, and third-party cookies – which come from another domain (for advertising and marketing purposes). This also includes other techniques that function in a similar way. For more information, please see our Cookie Policy.
3.7 Recipient – means a person to whom personal data is disclosed.
3.8 Third Party – means a natural or legal person, public authority, agency, or body other than the data subject, controller, processor, and persons who, under the direct authority of the controller or processor, are authorized to process personal data.
3.9 Consent – means any freely given, specific, informed, and unambiguous indication of your wishes by a statement or by a clear affirmative action, signifying agreement to the processing of personal data relating to you.
4. Per. Data Processed, Purposes, Method, Duration of Per. Data Processing
4.1 Scope of Processed Data
4.1.1 Sources of Personal Data. We obtain your personal data from various sources, in particular:
● when you register on the Website or in the Application;
● when your organization provides you with access to the Application;
● when you use our Services (via the Application, the Website, or email);
● when you are our existing or potential customer, i.e., a person using Amicara for their employees, or a representative of a customer.
4.1.2 Collected Data. We process only such personal data that you provide to us through the sources described above. We mainly process the following personal data:
● Registration Data: first name and surname, email, phone number, password, gender, number of children, marital status, pets, and education.
● Conversation Data: any information you provide within conversations when using the Services, such as information about your relationship, current difficulties, including information about third parties.
● Sensitive Data: you may choose to provide, within conversations when using the Services, personal data concerning your health condition, sexual orientation and sexual life, racial or ethnic origin, religious beliefs, and other data under Article 9 of the GDPR, or data concerning criminal judgments and offenses under Article 10 of the GDPR.
● Cookie Data: when accessing or using the Website or the Application, we may use cookies and other tracking technologies to automatically collect the following information: device information (hardware model, operating system information and version, unique device identifiers, mobile network information, device storage information), location information (IP address, time zone, mobile service provider information), usage data (including but not limited to: frequency of use, areas and functions of our Website or Application you visit, general usage patterns, engagement with individual features).
4.1.3 Purpose, Grounds, and Duration of Processing. We process your personal data for the following purposes:
Processing of User Data
● Provision of Services. We process the personal data described above for the purpose of providing the Services, in particular for conducting conversations. This may also include transferring your personal data to crisis hotline operators or public authorities, and transferring anonymous data on the use of the Application (on services paid for by your organization) to your organization in accordance with the Amicara Terms of Use. We process this personal data for the duration of the contractual relationship we have with you, or until the deletion of conversation history. The legal basis for this processing is the necessity to perform a contract, and the exception for processing Sensitive Data is your consent.
● Further Development of Services using Sensitive Data. With your consent, we use your personal data, including Sensitive Data, to develop our Services and improve the quality of conversations. The legal basis and exception for the use of Sensitive Data is your consent. For this purpose, we process your personal data for up to 5 years from their collection, but no longer than until consent is withdrawn.
● Further Development of Services without using Sensitive Data. We also use your personal data, excluding Sensitive Data, to improve our Services, the Website, and the Application, in particular to train artificial intelligence algorithms that run the Website and Application, to make your experience with our Services even more enjoyable. The legal basis is our legitimate interest in further improving our services, for a period of 2 years from their collection.
● Promotion of Services and our other products. If you use the Services, we use your personal data described above, excluding Sensitive Data, also to promote our products and services, including sending promotional messages. The legal basis for this processing is our legitimate interest in promoting our activities, and we process your personal data for the duration of the contractual relationship and for 2 years thereafter.
Processing of Customer Data and their Representatives
● Conclusion and Performance of Contracts with Customers. We process your Customer Relationship Data for the purpose of concluding and performing contracts, in particular contracts for the provision of access to Amicara. If you are the customer yourself, we process this data on the basis of the necessity to perform a contract; if you are a customer’s representative, we process the data on the basis of our legitimate interest in properly performing contracts with customers, always until the termination of the concluded contract.
● Support of Sales of our Services. We also process your Customer Relationship Data to support the sales of our services, on the basis of our legitimate interest in promoting our activities, or, where consent has been granted, on the basis of such consent. For this purpose, we process your personal data until 2 years have passed from their collection or from the termination of cooperation, or, in the case of consent-based processing, until such consent is withdrawn.
Common Purposes of Processing
● Compliance with General Legal Obligations. We also process your Registration Data and Transaction Data in the case of users, and Customer Relationship Data in the case of existing or potential customers and their representatives, in accordance with applicable accounting or VAT laws, because we are required to retain such data for a certain period (this specific period may vary depending on applicable legislation in different countries). Where such a legal obligation exists, we retain the relevant documents together with your personal data for the period prescribed by applicable legislation.
● Protection of our Rights and Legitimate Interests. We further process your personal data described above on the basis of our legitimate interest in enforcing our claims against you and/or in protecting and enforcing our claims, and the exception for processing your Sensitive Data is the establishment, exercise, or defense of our legal claims. For this purpose, we process your personal data for the period corresponding to the statutory limitation period.
● Operation and Security of the Website and Application (functional cookies). We process your Cookie Data that is necessary for the operation of the Website and Application, including their presentation, functionality, and ensuring your security. Within this purpose, we identify you as a visitor during browsing or repeated log-ins to the Website and Application. The legal basis for this processing is our legitimate interest in the proper functionality and operation of our Website and Application. We generally retain your personal data for up to 2 years from your visit to our Website and Application.
● Promotion and Marketing on our Website and in the Application (marketing cookies). We process your Cookie Data necessary for targeting and displaying our advertising (marketing cookies), whereby your data may also be shared with third parties. Within this purpose, we promote and sell products and services on the Website and in the Application and display marketing messages related to products and services you have shown interest in, and we promote our brand through online advertising, whereby your data may also be shared with third parties. The legal basis for this processing is your consent given via the Cookie Panel. We retain your data for the duration of your consent, but in any case no longer than 2 years from receiving your consent.
● Website Traffic Analysis (analytical cookies). We also process your Cookie Data necessary for analyzing the traffic of our Website (analytical cookies). Within this purpose, we monitor the traffic of our Website and Application, optimize them, ensure the security of your data, and improve their smoothness and user-friendliness, whereby your data may also be shared with third parties. We process your data on the basis of your consent given through the Cookie Panel. We retain your data for the duration of your consent, but in any case no longer than 2 years from receiving consent.
4.2 Cookies
4.2.1 When using our Website and Application, we may process your personal data (Cookie Data) through cookies and other tracking technologies. Cookies are small text files stored in your web browser that allow us or a third party to recognize you. Cookies may be used to collect, store, and share parts of information about your activities across different websites, including our Website and Application. This also applies to other similar technologies used for this purpose.
4.2.2 We use the following cookies:
● Technical cookies – necessary to ensure the proper functioning of the Website;
● Third-party cookies – tracking cookies, analytical/targeting cookies.
4.2.3 You can set your preferences to allow or refuse all cookies or only certain types of cookies. Refusing cookies may negatively affect the functionality of the Website, including the Website itself. You may adjust your cookie choices at any time or delete them from your electronic device at any time. Detailed information regarding cookies is available on the website of your web browser provider. Please read more in our Cookie Policy.
4.2.4 Anonymization of Data. We will anonymize the data processed for the purposes mentioned above during processing. Such anonymized data cannot be linked, without taking additional steps, to any individual to whom such data may relate. Anonymized data will be used in particular for further development of the Services and improving the accuracy of recommendations. Appropriate technical and organizational measures will be used to safeguard the rights and freedoms of individuals and to prevent any re-identification of data subjects. We will not attempt to re-identify individuals to whom anonymized data relates.
4.3 Methods of Data Processing. We process your personal data to the extent and for the purposes described above automatically, which also includes the use of statistical methods. In some cases, we may also process your personal data manually.
4.4 Children’s Data. We do not knowingly collect or request personal data from persons under 16 years of age. If you are under 16, please do not attempt to register on our Website, request our Services, or send us any personal data.
4.5 Consequences of Failure to Provide Data. The provision of your personal data is a requirement necessary for the conclusion of a contract for the provision of our Services. If you fail to provide such data, we would not be able to provide our Services to you.
5. Transfer of Personal Data to Third Parties and Recipients of Personal Data
5.1 Data Transfers. We are entitled to transfer personal data collected in the ways described above to third parties, in particular, in the case of users, to your organization and other entities that provide certain services related to the provision of our Services, including the operation of the AI chatbot, administration or IT support, organization, and storage of personal data, etc. We may also transfer users’ personal data to crisis hotline operators or public authorities in accordance with the Amicara Terms of Use. These entities act either as processors or controllers of your personal data.
5.2 Recipients. The personal data collected may, in particular, be shared with the following recipients:
● If you are in the position of a user: with your organization, which has access to anonymized information on the use of services paid for by the organization and acts as a data controller; with our AI chatbot providers, who may, in certain cases, have access to your personal data and act as data processors; and with crisis hotline operators or public authorities in accordance with the Amicara Terms of Use, who act as data controllers.
● In all cases: also with our IT systems providers, who may, in certain cases, have access to your personal data and act as data processors; our external providers of accounting services, who are necessary for the fulfillment of our legal obligations and act as data processors; and finally, our external providers of legal services, who are necessary for the enforcement of our claims and for the protection of our legal rights, acting as processors or controllers of data.
5.3 Adequate Level of Security. We guarantee that we have concluded a data processing agreement with processors who ensure the same level of security of your personal data as described in this Privacy Policy. We also strive to ensure that all controllers with whom we share any personal data provide adequate security of the processed personal data. In cases where personal data is transferred outside the European Economic Area to OpenAI OpCo, LLC (USA), which applies in particular to users in relation to the operation of the AI chatbot, we ensure that in all cases a sufficient level of protection of such transferred personal data is guaranteed in accordance with the GDPR.
5.4 Confidentiality and Exceptions. We, including processors and controllers, are obliged to maintain the confidentiality of all personal data. The exception is the obligation to disclose personal data to designated public authorities and other entities that are legally entitled to request personal data (i.e., the Police of the Czech Republic, the Tax Authority, etc.).
6. Security of Your Personal Data
6.1 Security Measures and Policies. We have implemented in our system the necessary technical and organizational measures of internal control and information security processes that correspond to best practices and are proportionate to the potential risks. At the same time, we take into account the perspective of future technological developments in order to protect your personal data from unauthorized disclosure, access, or loss. These measures include, among others, employee training in personal data protection, regular data backups, data recovery procedures, mechanisms of accountability for breaches of protected data, as well as software and hardware protection.
7. Your Rights
7.1 Information Provided. If you exercise a right in accordance with this Article 7 of the Privacy Policy or under any other applicable legal regulation, we will inform each recipient who processes your personal data of the measure taken, provided that such communication to the recipient is possible and/or does not require disproportionate effort.
7.2 Exercising Rights. If you wish to exercise your rights or obtain relevant information, please contact us through any of our Contact Details. When you contact us, we may need to ask you to provide your identification details or other personal data that you previously provided to us. Providing this information is necessary to verify that it is indeed you who submitted the request. We will provide a response no later than one month after receiving such a request, while reserving the right to extend this period by two months.
7.3 Your Rights. In accordance with applicable legal regulations, you may request access to the personal data we process as the Data Controller, the right to rectification, erasure, or portability, the right to lodge a complaint, the right to request restriction of processing, and the right to object to processing. You may withdraw your consent to the processing of personal data at any time.
7.4 Rectification of Your Personal Data. In accordance with the GDPR, you have the right to rectify inaccurate or incomplete personal data that we process about you. If you wish to request the rectification of your personal data, you may contact us using any of our Contact Details. We take steps to ensure that your personal data is accurate and up to date. You may contact us at any time with such a request while we continue to process your personal data.
7.5 Erasure of Your Personal Data. You may request the erasure of your personal data at any time. Once you submit such a request to us, and if one of the grounds for erasure applies, the relevant personal data will be deleted from our databases without undue delay, unless we process some of your personal data due to our legal obligation or for the establishment, exercise, or defense of our legal claims.
7.6 Withdrawal of Consent to the Processing of Personal Data. You may withdraw the consent you have given to the processing of personal data at any time without giving any reason. If you wish to withdraw your consent, please notify us through any of our Contact Details. Please note that withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
7.7 Access to and Portability of Your Personal Data. You have the right to obtain information about the processing of your personal data and a copy of the personal data we process. If you request it, we may transfer all or part of the personal data you have provided (processed by automated means based on a contract or consent) directly to a third party (another data controller) that you designate in your request, provided that such a request will not have a negative impact on the rights and freedoms of others and is technically feasible.
7.8 Restriction of Processing. If you submit a request to restrict the processing of your personal data, especially in cases where you have doubts about the accuracy, legality, or necessity of our processing of your personal data, we will assess your request and may restrict the processing of your personal data to the minimum necessary (processing for the purpose of assessment, enforcement, or defense of our legal claims, or for the protection of the rights of another natural or legal person, or for other reasons). However, if we lift the restriction of processing and continue processing your personal data, we will notify you of this without undue delay.
7.9 Objection to Processing. You have the right to object at any time to the processing of your personal data based on your particular situation, if such processing is based on our legitimate interest. We will not further process your personal data unless we are able to demonstrate a compelling legitimate interest or if such processing does not relate to direct marketing.
7.10 Complaint to the Data Protection Authority. You have the right to lodge a complaint regarding our processing of personal data with the Office for Personal Data Protection, located at Pplk. Sochora 27, 170 00 Prague 7, Czech Republic, website: https://www.uoou.cz/.
8. Updates to this Privacy Policy
8.1 Updates. We regularly update this Privacy Policy. Any changes to this Privacy Policy become effective once they are published on this website: www.amicara.ai.
Questions and Notes
If you have any comments or questions regarding any part of this Privacy Policy, require support, or have any claims, please contact us at amicara@tkcgroup.cz.