PRIVACY POLICY

Last updated on 20 Jun 2025

1. The controller of the Personal Data of the Service available the corresponding mobile application - Relief, hereinafter jointly referred to as the “Service” “Application”, is ZapLQ OÜ, a company duly incorporated under the laws of Estonia, having its registered office at Katusepapi tn 6-502, Lasnamäe linnaosa, Harju maakond Tallinn, Estonia, 11412, hereinafter referred to as the Personal Data Controller or The Controller. Email hi@harmonyapps.io or by mail to the company address stated above.

2. The Controller has appointed a Personal Data Protection Officer, email address of the officer hi@harmonyapps.io. Any enquiries, requests, complaints relating to the processing of personal data by the Personal Data Controller, hereinafter referred to as Notifications, should be addressed to the following email address stated in the preceding paragraph or in writing to the Controller's address stated above. The content of the Notification shall clearly state:

  • a. the data of the person(s) referred to in the Notification
  • b. the event that gives rise to the Notification,
  • c. the presentation of the claims and the legal basis for those claims,
  • d. the statement of the expected way to handle the matter.

3. This Privacy Policy applies to the Service as sa mobile application.

4. We collect the following personal data in our Service:

  • a. name and surname: may be processed when you, as a user of our Service (including contractors or potential contractors), provide it to us via email, the registration contact form or the Account data form available in our Service, as well as when you provide it to us via mail or when contacting us by phone, in order to make use of the offer of our Service,
  • b. user name: data processed in connection with the creation and maintenance of the individual User Account. The provision of such data is necessary to complete the creation of an Account in our Service,
  • c. email address: may be processed when, as users of our Service (including customers or potential customers), you provide it to us in the event of contact via email, contact form, registration form or order form available in our Service, as well as by mail or phone. By means of email address, we answer questions related to our offer and we also pass on information related to the performance of the concluded contract. In addition, if you have agreed to the transmission of marketing content and have become a subscriber to our newsletter, we may also send you commercial and marketing information several times a month,
  • d. IP address of the device: information resulting from general internet connection rules, such as IP address (and other information in system logs), is used for technical and statistical purposes, including, in particular, the collection of general demographic information (eg about the region from which the connection is made),
  • e. other data may be also collected as part of the handling of specific cases or may be provided by you as a user of our Service via email, the contact form available in the Service, the comments section available in the Service, mail, or when contacting us by phone.

5. Each person, as a user of our Service, has the opportunity to choose whether and to what extent to use our services and share his/her information and data, to the extent set out in the contents of this Privacy Policy.

6. We process your personal data for the purposes of:

  • a. ordering the services offered by us in connection with the Service (Article 6(1)(b) GDPR): in this respect, the personal data provided will cease to be processed once the specific transaction has been completed,
  • b. the conclusion and performance of contracts in connection with the services we offer (Article 6(1)(b) GDPR): in this respect, personal data will cease to be processed once the relevant contract has been completed,
  • c. keeping an individual user account (Article 6(1)(b) GDPR): in this respect, personal data will cease to be processed when the user deletes the account,
  • d. carrying out the (subscription) newsletter service and sending marketing content (Art. 6(1)(a) GDPR): in this regard, the personal data provided will be deleted on the withdrawal of consent and unsubscribing from the newsletter list,
  • e. complying with legal obligations incumbent on the Personal Data Controller, in particular record-keeping, issuing invoices, etc (Article 6(1)(c) GDPR): in this respect, the personal data will be deleted once certain legal obligations have been fulfilled,
  • f. ongoing communication related to the operation of the Service (Article 6(1)(f) GDPR, ie legitimate interest of the Personal Data Controller): in this regard, your personal data will cease to be processed when the relevant question(s) is/are answered,
  • g. establishing, asserting or defending against claims (Article 6(1)(f) GDPR, ie legitimate interest of the Personal Data Controller): in this respect, personal data will be deleted when the relevant claims expire, but as a general rule after the expiry of the 3-year limitation period for claims,
  • h. the express consent of the data subject for the performance of the contract and the provision of services (Art. 9(2)(a) GDPR): with regard to the processing of health data (special categories of personal data) referred to in point 3(b) of this Policy, as well as with regard to the profiling referred to in point 12, with regard to the profiling of health data: in this respect, personal data will cease to be processed upon withdrawal of consent or deletion of the Account.

7. The source of the Personal Data processed by the Controller is you, ie the data subjects.

8. If any social media links to the Controller's social media accounts are present, as well as in the extent to which logging in via external sites is made possible, there is a co-control relationship between the Controller of this Service and the controller of the external site. The co-control is limited only to the data in the scope necessary for operations related to the functioning of the respective button. The Controller is not responsible for the policies regarding the further processing of personal data of other entities and organisations or social network providers. Our Co-Controllers within this Service are:

  • a. Meta Platforms Ireland Ltd. (Facebook, Instagram) with the seat at: 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland,
  • b. Google Ireland Ltd. (Google Workspace, Google Play, YouTube) with the seat at: Google Building Gordon House, 4 Barrow St, Grand Canal Dock, Dublin 4, D04 V4X7, Ireland,
  • c. Apple Distribution International Ltd. (App Store, Apple ID) with the seat at: Hollyhill Industrial Estate, Hollyhill, Cork, Ireland,

9. Controller uses several tools to analyze how users interact with our app and improve your experience. These tools help the Controller understand how you find our app, what features you use most often, and how the Controller can make the app even better.

AppsFlyer:
Helps the Controller to understand how you find our app, such as through which advertiser or app store.
Provides analytics tools to analyze your app usage.
Allows you to opt out of having your data sent to AppsFlyer.

Facebook Analytics:
Provides aggregated demographics and insights on app usage, such as launch rate, purchase frequency, and other interactions.
Helps the Controllert understands how different groups of users interact with the app.

Amplitude:
Tracks user interactions within the app to help us understand which features are most popular. Helps the Controller to prioritize development efforts based on user behavior.
Is EU-US Privacy Shield certified and provides more information on data processing in its Privacy Policy.

Google Analytics:
Analyzes how visitors use the application and measures the effectiveness of certain ads.
Provides information on user interactions within the website and data entered by users.
Allows you to influence data collection and processing through a browser plugin.

The Controller takes your privacy seriously and only uses these tools to improve your app experience. You have the right to opt out of data collection by AppsFlyer and to influence data collection by Google Analytics. The Controller encourage you to review the privacy policies of each tool for more information on how they handle your data.

By using the Application, you agree to the use of these tools and the collection of your data as described above.

10. We do not share any personal data with third parties without the express consent of the data subject. Data may be disclosed without the consent of the data subject only to entities authorised to process personal data under applicable law (eg law enforcement agencies, or the Tax Office). The Controller shall make personal data of its customers available in particular to: payment operators, companies providing postal and courier services, and tax authorities.

11. Personal data may be outsourced for processing to entities that process such data on our behalf as Personal Data Controller. If this is the case, we, as the Personal Data Controller, shall enter into a personal data processing outsourcing agreement with the processor. The processor shall process the outsourced personal data only for the needs of, to the extent, and for the purposes stated in the outsourcing agreement referred to in the preceding sentence. Without outsourcing your personal data to the Processor, we would not be able to carry out our activities within the Service or deliver to you shipments of ordered Products. As the Personal Data Controller, in particular, we outsource your personal data for processing to the following entities:

  • a. providing accounting services,
  • b. providing tools related to promotional campaigns and marketing,
  • c. SEO companies,
  • d. providing CRM tools,
  • e. providing us with other services that are necessary for the day-to-day operation of the Service including to power in-app purchases, manage customer data, and grow revenue on iOS, Android, get access to product analytics.

12. Personal data may or will be subject to profiling within the meaning of GDPR regulations depending on the content of the contract or the scope of the services provided.

  • a. Profiling with regard to ordinary personal data has its basis in Article 22(1)(a) GDPR, ie the necessity for the conclusion and performance of a contract between the Controller and you related to the provision of services, taking into account the provision of Article 22(3) GDPR,
  • b. in the scope that goes beyond what is necessary for the conclusion and performance of the contract, profiling takes place on the basis of Article 22(2)(c) GDPR, ie your express consent, taking into account the provision of Article 22(3) GDPR,
  • c. where the profiling concerns your special categories of personal data (health data as stated in point 3(b) of this Policy), the basis for profiling is exclusively Article 9(2)(a) read with Article 22(4) GDPR, ie your express consent to the processing of your data for the performance of contracts. This consent is voluntary, but necessary in order to set up an Account in our Service and to actually use the services we offer,
  • d. profiling that concerns your specific personal categories may also take place in connection with the implementation of direct marketing. In this respect, the legal basis for profiling in this respect is Article 9(2)(a) read with Article 22(4) GDPR. This consent is fully optional and is separate from the consent for direct marketing.

13. In accordance with the provisions of GDPR, every person whose personal data we process as a Personal Data Controller has the right to:

  • a. access their personal data as referred to in Article 15 GDPR,
  • b. be informed of the processing of personal data, as referred to in Article 12 GDPR,
  • c. correct, complete, update, rectify personal data as referred to in Article 16 GDPR,
  • d. withdraw consent at any time, as referred to in Article 7(3) GDPR,
  • e. erasure (right to be forgotten) as referred to in Article 17 GDPR,
  • f. restrict the processing referred to in Article 18 GDPR,
  • g. data portability as referred to in Article 20 GDPR,
  • h. object to the processing of personal data, as referred to in Article 21 GDPR,
  • i. in the case of a legal basis, in the form of consent: the right to withdraw consent at any time without affecting the lawfulness of the processing carried out on the basis of consent before its withdrawal,
  • j. not be subject to the profiling referred to in Article 22 read with Article 4(4) GDPR,
  • k. lodge a complaint with the supervisory authority referred to in Article 77 GDPR.

14. If you wish to exercise your rights referred to in the preceding paragraph, send a message by email to the email address or in writing to the postal address as referred to in point 2 above.

15. Each identified security breach shall be documented and, in the event of one of the situations set out in the provisions of GDPR or of the act, the data subjects and, if applicable, the applicable data authority shall be informed of such security breach.

16. In matters not governed by this Privacy Policy, the relevant provisions of generally applicable law shall apply accordingly. In the event of any inconsistency between the provisions of this Privacy Policy and the said regulations, these regulations shall prevail.

17. To provide storage and email newsletters we might transfer your data to our partners outside the EU. We are committed to ensuring your personal data is protected when transferring to third countries without an adequate level of protection, namely the U.S. In light of the EU-US Privacy Shield being invalidated, Standard Contractual Clauses (https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32010D0087&from=EN) are currently relied on. Reflective Technologies acknowledges the comments in the Schrems II decision that additional safeguards may be needed to supplement such clauses. We are currently assessing our transfers and working with our partners to implement safeguards, along with the updated Standard Contractual Clauses.

18. Relief has implemented appropriate technical and organisational security measures to protect your personal data from accidental or unlawful destruction, loss, alteration, unauthorised disclosure of or access to. These measures include encryption and pseudonymisation. Access to your personal data is granted strictly on a need to know basis and we have carefully selected our service providers with security considerations in mind.

19. Relief is constantly reviewing its Privacy Policy to ensure compliance with data protection legislation. Our app is also constantly evolving and new features and services may change how we process your personal data. Any substantive or material change to this Privacy Policy will be brought to your attention.