YouFactors® is a brand of SafeStart International
Our privacy obligations
The terms “We”, “Us”,” Our” means SafeStart Europe Ltd. The terms “You” and “Your” refer to You, as a user of our products, services, and customer support or visitor of our website/ application/ services.
SafeStart Europe Ltd respects your privacy and is committed to protecting it through our compliance with this notice. This Privacy Notice (“Notice”) describes how SafeStart Europe Ltd processes Personal Data in its capacity as a controller (i.e. when SafeStart Europe Ltd determines the purposes and means of the processing of personal data). It also describes your choices and rights regarding your Personal Data which has been mentioned below in detail.
The said policy has been created in compliance to the EU Data Protection Legislation which comprises of- The General Data Protection Regulation (No 2016/679/EU) which came into force on 25 May 2018, Privacy and Electronic Communications Directive 2002/58/EC and other relevant law as will be updated when required.
What is personal data?
Personal data is any data that relates to an identifiable or identified individual. GDPR covers a broad spectrum of information that could be used on its own, or in combination with other pieces of information, to identify a person. An identifiable natural person is one who can be identified directly or indirectly, in particular, by reference to an identifier such as a name, an identification number, location data, an online identifier or one or more specific characteristics expressing the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person, as set out in
Personal data extends beyond a person’s name or email address. Some examples include name, gender, date of birth, address, feedback, biometric data, IP addresses, ethnicity etc.
The types of Data we process
We collect personal data of our users in order to provide our products, services, and customer support to the best of our ability. Our products, services, and customer support are provided through many platforms including but not limited to: websites, mobile applications, email, and telephone. The specific platform and product, service, or support you interact with may involve the personal data we process.
Safety of Minors
Our products/services are not intended for and may not be used by minors. “Minors” are individuals under the age of 13 (or under a higher age if permitted by the laws of their residence). We do not knowingly collect personal data from Minors or allow them to register. If it comes to our attention that we have collected personal data from a Minor, we may delete this information without notice. If you have reason to believe that this has occurred, please contact customer support.
How we collect personal information
Personal data that you specifically give us
While you use our products and services you may be asked to provide certain types of personal data. This might happen through our website, applications, online chat systems, telephone, paper forms, or in-person meetings. We shall give you a Collection Notice at the time, to explain how we will use the personal data we are asking for. The notice may be written or verbal.
We may process the following personal data:
• Account Details – username, password, profile picture
• Contact Details – email address, phone number
• Location Details – physical address, billing address, time zone
• Identity Details – full name
• User Generated Content – user profiles, user reviews, campaign materials, competition materials, user feedback, survey details, questionnaires, story feeds.
There can be some “User Generated Content” that you provide to us for which you do not have the intention of sharing your personal identifiable details with other users
In cases where such data is collated and used for reporting and analytical purposes, such data shall not carry personal identifiable details such as username, phone number, email and physical address thereby not disclosing the personal data to other users.
Personal data we collect as you use our service
We maintain records of the interactions we have with our users, including the products, services and customer support we have provided. This includes the interactions our users have with our platform such as when a user has viewed a page or clicked a button.
When we are contacted, we may collect personal data that is intrinsic to the communication. For example, if we are contacted via email, we will collect the email address used.
We may collect or process the following:
• Metadata – IP address, computer and connection information, referring web page, standard web log information, language settings, time zone, etc.
• Device Information – device identifier, device type, device plugins, hardware capabilities, etc.
• Actions – pages viewed, buttons clicked, time spent viewing, search keywords, etc.
We may send cookies to your computer in order to uniquely identify your browser and improve the quality of our service. The term “cookies” refers to small pieces of information that a website sends to your computer’s hard drive while you are viewing the site. We may use both session cookies (which expire once you close your browser) and persistent cookies (which stay on your computer until you delete them). Persistent cookies can be removed by following your browser help directions.
The usage information we collect helps us to improve the Website and our services by enabling us to:
All of the above shall be done on the basis of your consent
Links to other sites
How we use personal information
The information we process is primarily used to provide users with the product or service they have requested. More specifically, we may use your personal information for the following purposes:
• to provide the service or product you have requested
• to facilitate the creation of a User Account
• to provide technical or other support to you
• to answer enquiries about our services, or to respond to a complaint
• to promote our other programs, products or services which may be of interest to you (unless you have opted out from such communications)
• to allow for debugging, testing and otherwise operate our platforms
• to conduct data analysis, research and otherwise build and improve our platforms
• to comply with legal and regulatory obligations
• if otherwise permitted or required by law; or
• for other purposes with your consent, unless you withdraw your consent for these purposes
The ‘lawful processing’ grounds on which we will use personal information about our users are (but are not limited to):
• when a user has given consent
• processing is necessary for compliance with our legal obligations
• processing is necessary in order to protect the vital interests of our users or of another natural person
• processing is necessary for the performance of a contract to which you may be a party or in order to take steps at the user’s request prior to entering into a contract
• processing is done in pursuing our legitimate interests, where these interests do not infringe on the rights of our users
• processing is necessary for the performance of a task carried out in the public interest
When we disclose personal data
The personal information of users may be held, transmitted to or processed on our behalf, including ‘in the cloud’, by our third-party service providers. Our third-party service providers are bound by contract to only use your personal data on our behalf, under our instructions.
Our third-party service providers include:
• Cloud hosting and storage
• SMS and email providers
• Marketing and analytics providers
Sub-processors are third-party businesses engaged by a processor for performing data processing on behalf of a controller. According to the GDPR, these companies are also accountable for protection of an individual’s personal data. Data protection obligations of sub-processors are to be established by way of contract or other legal acts under the Union or Member State law. This includes providing sufficient guarantees to implement appropriate technical and organizational measures as specified in the regulation.
SafeStart Europe Ltd uses sub-processors (listed below), to assist in providing services as described in our Terms of Service or a similar services agreement customer may have signed with us.
• List of Sub-processors
The Software products of SafeStart Europe Ltd utilizes both infrastructure and services specific vendors to provide product and services to its end-users. The following is an up-to-date list of names and purpose of sub-processors and 3rd-party vendors:
• Infrastructure & Services Sub-processors:
SafeStart Europe Ltd products and services operate on cloud platforms, listed in the table below. SafeStart Europe Ltd holds control and access to data hosted on these services and resides in corresponding data centre facilities based on location. Data subsequently remains in the data centre unless shifted to ensure performance and availability of services. The following table describes the services and purpose for which these infrastructure service providers have been engaged.
Amazon Web Services, Inc.
Primary cloud infrastructure provider for YouFactors, where all SaaS applications are hosted. Almost all data stored, processed and transmitted through YouFactors products and services resides on Amazon Web Services data centres.
SendGrid is used by our products as an email service provider to deliver emails that are triggered programmatically from the products.
Other disclosures and transfers
We may also disclose your personal information to third parties for the following purposes:
• if necessary, to provide the service or product you have requested
• requests for information by law enforcement
• if otherwise permitted or required by law; or
• for other purposes with your consent
As we are a global company, with offices around the world, your personal data may be processed by staff in any of our offices in Europe, the Americas and India. We may share your data within SafeStart, where such disclosure is necessary to provide you with our products and/or services and/or to manage our business and also for the purpose of providing support and maintenance.
International Transfers Outside of the European Economic Area (EEA)
We will ensure that any transfer of personal information from countries in the European Economic Area (EEA) to countries outside the EEA will be protected by appropriate safeguards under applicable law governing such transfers, which may include:
(i) to a jurisdiction which has been subject to an “Adequacy” decision from the European Commission, meaning the jurisdiction is recognised as providing for an equivalent level of protection for personal data as is provided for in the European Union;
(ii) entering into a contract governing the transfer which contains the “standard contractual clauses” approved for this purpose by the European Commission; or
(iii) in respect of transfers to the United States of America, ensuring that the transfer is covered by Standard Contractual Clauses.
Appropriate security measures are implemented in order to protect your personal data. Security measures refer to physical security in the office (e.g. securely locked filing cabinets etc.) as well as implementing appropriate technology and cyber security measures across our systems and networks in order to prevent any accidental or unauthorised access, interference, damage, loss or disclosure of personal data. In the event of certain types of personal data breaches, we are legally obliged to notify the Supervisory Authority and affected individuals to whom the personal data belong. We have implemented internal procedures to manage personal data security breaches in accordance with our legal obligations.
We use up to date appropriate encryption techniques that your systems support when transmitting data via our systems. However, we cannot guarantee that all internet or email transmission is fully secure or error free and except for our guarantee to use commercially reasonable and up to date measures to technically secure any data transmission. We cannot guarantee their absolute security and we therefore cannot be held liable for intercepted information sent via the internet or for third parties using revoked, stolen, forged, or otherwise insecure certificates. You should therefore take special care in deciding what information you send us via email and keep this in mind when disclosing any personal data to us or to any other party via the Internet.
We store your personal data for as long as it is necessary for the purpose for which it was collected or for fulfilling our legal obligations, such as statutory retention periods. The data will be deleted at the latest within 60 days after the respective purpose no longer applies.
Accessing, correcting, or downloading your personal information
You have the right to request access to the personal data SafeStart Europe Ltd holds about you. Unless an exception applies, we must allow you to access the personal data we hold about you, within a reasonable time period, and without unreasonable expense for no charge. Most personal information can be accessed by logging into your account. If you wish to access information that is not accessible through the platform or wish to download all personal information, we hold on you in a portable data format, please contact our Privacy Officer.
You also have the right to request the correction of the personal information we hold about you. All your personal information can be updated through the user settings pages. If you require assistance, please contact our customer support.
Exercising your other rights
You have a number of rights in respect to your personal data. These are:
i. The right to access your personal data, which includes receiving confirmation on whether the personal data are being processed and if so, receiving the personal data and related information about why they are being processed, the categories of personal data involved, to whom the personal data have been or will be shared and how long the data will be kept for. We will accede to any such valid requests within one month of the receipt of a valid request
ii. The right to request that we rectify inaccurate data or update incomplete data. You may also request that we restrict the processing of the personal data until the rectification or updating has been completed, although please be aware that we may have to suspend the operation of your account or the products or services that we provide.
iii. The right to request that we erase your data under certain circumstances, including where you want to withdraw the consent you previously gave to us, where you object to the processing of the data for its own legitimate interests or where processing of the data is unlawful. In the case of unlawful processing, you can also request that this processing is restricted rather than the personal data being erased. Please be aware that we may have to suspend the operation of your account or the products or services that we provide where data processing is restricted.
iv. The right to object to the processing of your personal data, where such processing is being conducted for the purpose of:
a. Direct marketing;
b. Establishing, exercising or defending ourselves or others from legal claims; or
c. Our legitimate interests, unless we can demonstrate that our interests override your interests and rights. You may request that we restrict the processing of the personal data until this analysis of legitimate interests has been concluded, although please be aware that we may have to suspend the operation of your account or the products or services that we provide where data processing is restricted.
v. The right to receive your data in a portable format or, subject to it being technically feasible, have us transfer it directly to a third party. This applies where you have provided us with consent for the processing or where the processing is necessary for entering a contract with us.
vi. The right, at any time, to withdraw consent you have provided to us to process your personal data.
vii. The right to lodge a complaint to the Data Protection Commission or another supervisory authority. The Office of the Data Protection Commission can be contacted at:
Telephone: +353 (0)761 104 800
Postal Address: Data Protection Commission, 21 Fitzwilliam Square South, Dublin
2, D02 RD28
If you wish to raise a complaint in relation to how we processed your personal data, please contact us. We take your privacy and data protection very sincerely and we endeavour to address your complaint as expediently and as thoroughly as we can in order to find a satisfactory resolution for you.
We will update this Privacy Statement from time to time. Any changes will be made available on our website and, where appropriate, notified to you by written notice or e-mail. These changes will be effective immediately for new users of our services and will become effective for existing users through continued use of our services after the effective date of the posted change. If you do not wish to approve the changes to our use of your personal information, you must notify us before such changes take effect that you wish to deactivate your account with us. Please note that you are always responsible for keeping your personal information up to date and providing us with your current contact information.
To contact our Privacy Officer
If you have any questions about our privacy statement, your rights, or how we use your information, please do not hesitate to contact our Privacy Office, at:
SafeStart Europe Ltd.
6 Cedar Crescent,
Cedar Park, Newport Road,
Westport F28YT32, Ireland