Introduction and Scope

The following is to inform you about how your personal data is handled when using our Kairos website and Kairos mobile application, in accordance with multiple legislations, including Art. 13/14 of Regulation (EU) 2016/679 (General Data Protection Regulation) and Quebec Chapter P-39.1 - Private Organizations with Law 25.

By accepting the Terms and Conditions and using the Kairos website and/or Kairos mobile application, you agree that your personal data may be collected, used and disclosed in accordance with this policy.

You may access these Terms and Conditions by visiting the “Settings” section in Kairos mobile application or on the Kairos website.

1. Responsible Party

The responsible party, in terms of data protection law, operating Kairos website and Kairos mobile application is:

Neuro Solutions Group 3001 Ch des Quatre-Bourgeois #200, Quebec City, Quebec G1V 5A6, Canada E-mail: contact@neurosolutionsgroup.com

2. Data Protection Officer

The Data Protection Officer of the responsible party can be reached at:

Neuro Solutions Group For the attention of the Data Protection Officer 3001 Ch des Quatre-Bourgeois #200, Quebec City, Quebec G1V 5A6, Canada E-mail: privacy@kairosgame.com

3. Purposes and Legal Basis for Data Processing

3.1 General

Neuro Solutions Group respects the privacy of all visitors to the Kairos website and users of the mobile application. We process your personal data in accordance with the provisions of applicable data protection regulations (see above).

‘Personal information’ means any information relating to an identified or identifiable natural person (‘data subject’). These could include, for example, name, address, telephone number or e-mail address.

This data protection statement explains what information Neuro Solutions Group collects, stores, how it is used and protected. This statement also explains how you can verify the accuracy of the personal information that Neuro Solutions Group holds about you and how you can have that personal information deleted or updated.

The purposes of data processing, as well as the corresponding legal basis, are described below.

3.2 Informational Use of Kairos Website

Without providing any personal information you can visit our website. Using our website for informational purposes only (i.e., if you do not register, log in or otherwise provide us with information about yourself - fill support form), no personal data will be collected, with the exception of the standard data transmitted by your chosen browser to enable you to visit the website and information. This information is transmitted to us anonymously.

3.2.1 Technical Provision

3.2.1.1 Purpose

Automated Collection of Data and Processing by the Browser

For the purpose of the technical provision, Kairos website automatically and temporarily collects and stores the following information:

  • IP address of the requesting computer
  • File request of the client
  • The http response code
  • Date and time of the server request
  • Browser type and version
  • Operating system that is used by the requesting computer
  • Authentication data for security purposes (i.e., in case of account access)
  • Newsletter subscription email (i.e., in case of voluntary subscription)
  • Activity usage of the tools (e.g., emotion wheel, blogs)
Cookies

This website uses so-called session cookies in order to make our website available for you to use. Session cookies do not contain any personal information.

You can set your browser so that no cookies are stored on the hard drive and/or cookies which are already stored are deleted once again. Please follow the instructions in your browser settings in order to prevent and delete cookies. Some features of our website are not available without the use of cookies.

The following information is stored in the cookies and transmitted to us:

  • Date on which the cookie was created
  • Expiration date of the cookie
  • Values concerning variables
  • Information for Google Analytics
  • Language preference
Tools
Google Fonts (Google Inc.)

Google Fonts is a typeface visualization service provided by Google Inc. that allows the website to incorporate content of this kind on its pages.

Personal data collected: usage data and various types of data as specified in the service’s privacy policy.

Place of processing: US – Privacy Policy. Privacy Shield participant.

YouTube Video Widget (Google Inc.)

YouTube is a video content visualization service provided by Google Inc. that allows the Kairos website and web application to incorporate content of this kind on its pages.

Personal data collected: cookies and usage data.

Place of processing: US – Privacy Policy.

3.2.1.2 Legal Basis

The personal data processed is in compliance with the following requirements:

  • to fulfill a contract or to carry out pre-contractual agreements, in accordance with art. 6 para. 1 letter b GDPR, when visiting our website to inform yourself about our product range, especially in the web application, our events and other offers, and;
  • to safeguard the legitimate interests of Neuro Solutions Group, in accordance with art. 6 para. 1 letter f GDPR, in order to make the website technically available to you in an attractive, technically-functional and user-friendly way.

3.2.2 Statistical Analysis

3.2.2.1 Purpose

Google Analytics (Google Inc.)

Remarketing with Google Analytics is a remarketing and behavioral targeting service provided by Google Inc. that connects the tracking activity performed by Google Analytics and its cookies with the Google Ads advertising network and the DoubleClick cookie.

On behalf of Neuro Solutions Group, Google will use this information to evaluate usage of the website, compile reports on website activity and provide other services related to website activity and internet usage. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

Personal data collected: cookies and usage data.

Place of processing: US/EU – Privacy Policy  Opt Out. Privacy Shield participant.

Mixpanel

Mixpanel provides analytics platform helping to measure and optimize user engagement. Mixpanel may help track user behavior.

Personal data collected: usage data and various types of data as specified in the service’s privacy policy.

Place of processing: US/EU Data Residency – Privacy Policy.

3.2.2.2 Legal Basis

The personal data processed is in compliance with the following requirements:

  • user’s consent in accordance with art. 6 para. 1 lit. a GDPR in connection with § 15 para. 3 sentence 1 Telemedia Act if you have given your consent via our banner, and;
  • to safeguard Neuro Solutions Group legitimate interests, in accordance with art. 6 para. 1 letter f GDPR, in connection with sect. 15 para. 3 Telemedia Act; interests lie in the needs based design of Kairos website.

3.2.3 Marketing

3.2.3.1 Purpose

Use of marketing tracking technologies is mostly to allow us to know the referrer who brought the user to us. It allows us to use platforms commonly used by Neuro Solutions Group users to engage with the community.

Google Ads Conversion Tracking (Google Inc.)

Google Ads conversion tracking is an analytics service provided by Google Inc. that connects data from the Google Ads advertising network with actions performed on this application.

Personal data collected: cookies and usage data.

Place of processing: US – Privacy Policy. Privacy Shield participant.

Google Tag Manager (Google Inc.)

Google Tag Manager is an analytics service provided by Google Inc.

Personal Data collected: cookies and usage data.

Place of processing: US – Privacy Policy.

3.2.4 Links to Social Media Operators and Mobile Stores

3.2.4.1 Purpose

To reach out and engage with communities, we are present on social media platforms linked on the website.

For information about the purpose, scope of data collection, processing of data, its use by the providers of social media networks and your rights regarding this and the options available to protect your privacy, please refer to the provider’s privacy policy:

To facilitate access to download the Kairos App, links to the mobile stores are also available. Please refer to the privacy policies below:

3.2.4.2 Legal Basis

The personal data processed is in compliance with the following requirements:

  • in accordance with Art. 6 para. 1 lit. f GDPR, and;
  • data analysis from social media may be based on different legal bases and must be specified by social networks operators (e.g. consent within the meaning of Art. 6 para. 1 lit. a DSGVO).

3.3 Active Use of Kairos Website

The website may also be used to contact us, access free tools or access your Kairos account (e.g.: to retrieve a password or change settings). In addition to the personal data collected for informational use (see section 3.2 above), more personal data is processed to allow us to provide services and/or to answer requests.

3.3.1 Communication via Support Form or Contact Email

3.3.1.1 Purpose

Any enquiry sent to us via contact email and/or support form includes personal data which is necessary to process and answer requests. Some data is stored for traceability and statistical purposes.

Tools
Zendesk

Zendesk provides SaaS products related to customer support communications (e.g. support or contact forms).

Personal data collected: usage data and various types of data as specified in the service’s privacy policy.

Place of processing: US – Privacy Policy.

Sentry

Sentry is an application performance monitoring and error tracking platform.

Personal data collected: usage data and various types of data as specified in the service’s privacy policy.

Place of processing: US/EU – Privacy Policy.

3.3.1.2 Legal Basis

The personal data processed is in compliance with the following requirements:

  • to safeguard our legitimate interests (answering customer enquiries), in accordance with art. 6 para. 1 letter f GDPR.

3.3.2 Communication via Newsletters

3.3.2.1 Purpose

Subscription to newsletters is possible without creating an account. By providing your email address to subscribe to newsletters and clicking the related link, you give your consent to receive those communications. You can withdraw your consent anytime by clicking the unsubscribe link at the bottom of any communication or by sending an email to support@kairosgame.com and specify the enquiry.

Customer.io (Peaberry Software Inc.)

Customer.io is a messaging automation, customer engagement and retention platform that provides the functionality to integrate analytics and marketing.

Personal Data collected: email, preferred language.

Place of processing: US/EU – Privacy Policy.

3.3.2.2 Legal Basis

The personal data processed is in compliance with the following requirements:

  • user has subscribed to newsletters and given his/her consent, in accordance with art. 6 para. 1 letter a GDPR.

3.3.3 Use of Free Tools

3.3.3.1 Purpose

Free tools (e.g., emotion wheel, routine chart) available on the website may be used without creating an account by providing your email address as personal information. We use your email to send you the result of the tool used.

3.3.3.2 Legal Basis

The personal data processed is in compliance with the following requirements:

  • user has given his/her consent, in accordance with art. 6 para. 1 letter a GDPR.

3.3.4 Account Registration and Access

3.3.4.1 Purpose

The website provides features to create or access a Kairos account to use Kairos mobile application, change settings or manage subscription.

Personal Data collected on account creation: email, first name, last name, city, preferred language, password, timezone.

In addition to the processed data described above, while authenticated and using account features, actions and events data is processed: settings or account information or subscription changes, task validations.

This data is stored in our backend infrastructure hosted in Google Cloud Platform and analytics are processed using MixPanel (see section 3.2.2.1) and Customer.io (see section 3.3.2.1).

3.3.4.2 Legal Basis

The personal data processed is in compliance with the following requirements:

  • user has given his/her consent, in accordance with art. 6 para. 1 letter a GDPR, and;
  • user accepted the terms and conditions, and;
  • to safeguard Neuro Solutions Group legitimate interests, in accordance with art. 6 para. 1 letter f GDPR, in connection with sect. 15 para. 3 Telemedia Act; interests lie in the needs based design of Kairos website.

3.4 Use of Kairos Mobile Application

3.4.1 Purpose

Once you have downloaded Kairos mobile application, to create your account and verify your identity, we will ask you to provide us with the personal information about the parent for the account.

Personal Data collected: parent’s first and last name, email, password, city, preferred language.

The email address is used for authentication purposes and to send you notifications or validate certain items, including obtaining prior consent from a parental authority if a child under 16 creates an account. If you wish to log in to KAIROS via Facebook Google, Apple or any other third parties please be aware that we will also have access to your public profile and that you are also subject to these companies’ privacy policies.

You may stop receiving notifications from the Kairos mobile application at any time by changing your Communication Preferences in the “Settings” section of the application.

When using Kairos mobile application, you are prompted to create a parent module as well as one or more children modules. Since Kairos mobile application facilitates children’s behavioral development (e.g., challenges, routines, tasks, side effects, guidance, positive reinforcement), we collect information you choose to enter yourself to use our services.

Personal Data generally collected: type of subscription, preferred language, timezone, device information (i.e., identification, operating system), usage statistics (e.g., activity and events like routine validated, usage duration), account settings, children first name (may be a nickname).

Personal Data collected about children: child’s first name (or nickname), age, gender, objective information (i.e., challenges, routines, tasks) and related data (e.g., schedule, status), medication and side effects, medical diagnosis, observations, needs and life habits.

This data is stored in our backend infrastructure hosted in Google Cloud Platform. Analytics are processed using MixPanel (see section 3.2.2.1) and Customer.io (see section 3.3.2.1). Performance and error monitoring data are processed using Sentry (see section 3.3.1.1).

3.4.2 Legal Basis

The personal data processed is in compliance with the following requirements:

  • user has given his/her consent, in accordance with art. 6 para. 1 letter a GDPR, and;
  • user accepted the terms and conditions, and;
  • to safeguard our legitimate interests (provide services), in accordance with art. 6 para. 1 letter f GDPR, in connection with sect. 15 para. 3 Telemedia Act; interests lie in the needs based design of Kairos mobile application.

3.5 Handling Orders

3.5.1 Purpose

Subscriptions contracted from the website are executed with Google’s Play Store or Apple’s App Store or a third party (Stripe) and no private or financial data is stored in our own system but in the third party’s. Subscriptions are monitored using RenevueCat.

Personal or financial data is processed in order to fulfil other legal obligations that we have in connection with the processing of the order. In particular, these include trade-related, commercial or tax-related retention periods.

Note that we do not have access to your financial information but only subscription plans, renewal dates and such data to provide our services.

Stripe (Stripe Inc.)

Stripe is a SaaS which provides a set of programmable APIs and tools to let you facilitate secured payments.

Personal Data collected: email, credit card information (if not using G Pay or Link).

Place of processing: US/EU – Privacy Policy.

RevenueCat (RevenueCat Inc.)

RevenueCat provides a subscription backend and wrapper around Apple’s StoreKit, Google Play Billing, and web-based payments.

Personal Data collected: email, location (for tax purposes) and payment information.

Place of processing: US/EU – Privacy Policy.

3.5.2 Legal Basis

The personal data processed is in compliance with the following requirements:

  • to fulfill a contract, in accordance with art. 6 para. 1 letter b GDPR, and;
  • to fulfill a legal obligation, in accordance with art. 6 para. 1 letter c GDPR in connection with commercial, commercial or tax law, we are obliged to record and store this data (on premise or using a third party), and;
  • to safeguard our legitimate interests, in accordance with art. 6 para. 1 letter f GDPR, or as asserting legal claims or defending ourselves in legal disputes.

4. Hosting and Back-End Infrastructure

This type of service has the purpose of hosting data and files that enable the Kairos website and mobile application to run and be distributed. Additionally, these services provide the infrastructure to run specific features or parts of the application (e.g., backups, encryption, role-based access management). Some of these services work through geographically distributed servers, making it difficult to determine the actual location where the personal data is stored.

When required, for legal and compliance purposes, some services or whole applications may be specifically located in a country or jurisdiction mandatory to offer application services.

Google Cloud Platform (GCP) (Google Inc.)

Google Cloud Platform is used to build, deploy, and scale applications, websites, and services on the same infrastructure as Google.

Personal data collected: various types of data as specified in the privacy policy of the service.

Place of processing: See the Google privacy policy – Privacy Policy.

5. Retention Time

Personal data is processed and stored for as long as required to fulfill the purpose for which it is collected.

Therefore:

  • Personal data collected for the performance of a contract between Neuro Solutions Group and a business customer is retained until such contract has been entirely performed or the business customer asks for the data to be deleted.
  • Personal data collected for Neuro Solutions Group’s legitimate interests shall be retained as long as needed to fulfill such purposes. Users may find specific information regarding Neuro Solutions Group’s legitimate interests within the relevant sections of this document or by contacting us at privacy@kairosgame.com.

Neuro Solutions Group may be allowed to retain personal information for a more extended period whenever the user has given consent to such processing, as long as such consent is not withdrawn. Furthermore, Neuro Solutions Group may be obliged to retain personal data for a more extended period whenever required to perform a legal obligation or upon order of an authority.

The retention period is 6 months for Kairos website or mobile application. Once the retention period expires, the user’s personal data will be securely deleted. Users may also request data deletion which we will comply with in less than 60 business days.

6. Data Security

Neuro Solutions Group is committed to process personal information with appropriate measures to securely transmit, store and protect its owner: the data subject. We will upgrade our techniques and processes as the technology evolves to maintain high security standards.

Role-based access management (RBAC) is in place and encryption is present in the form of Secure Sockets Layer (SSL) for transmission, database Advanced Encryption Standard (AES-256) at rest for storage.

No data is transferred in other regions by default.

7. Rights of Users (Data Subject)

Users may exercise certain rights regarding their data processed by Neuro Solutions Group.

In particular, users have the right to do the following:

  • Withdraw their consent at any time. Users have the right to withdraw consent after they have previously given their consent to the processing of their personal data.
  • Object to processing of their data. Users have the right to object to the processing of their data if the processing is carried out on a legal basis other than consent. Further details are provided in the dedicated section below.
  • Access their data. Users have the right to learn if Neuro Solutions Group is processing their data, obtain disclosure regarding certain aspects of the processing, and obtain a copy of the data undergoing processing.
  • Verify and seek rectification. Users have the right to verify their data accuracy and ask for it to be updated or corrected.
  • Restrict the processing of their data. Users have the right, under certain circumstances, to restrict the processing of their data. In this case, Neuro Solutions Group will not process their data for any purpose other than storing it.
  • Have their personal data deleted or otherwise removed. Users have the right, under certain circumstances, to obtain the erasure of their data from Neuro Solutions Group.
  • Receive their data and have it transferred to another controller. Users have the right to receive their data in a structured, commonly used, machine-readable format, and, if technically feasible, to have it transmitted to another controller without any hindrance. This provision is applicable provided that the data is processed by automated means and that the processing is based on the user’s consent, on a contract that the user is part of, or on precontractual obligations.
  • Lodge a complaint. Users have the right to bring a claim before their competent data protection authority.

7.1 Details About the Right to Object to Processing

Where personal data is processed for the public interest, in the exercise of an official authority vested in Neuro Solutions Group or for the legitimate interests pursued by Neuro Solutions Group, users may object to such processing by providing a ground related to their particular situation to justify the objection.

Neuro Solutions Group is not selling any data but may use it to provide services and relevant direct marketing purposes.

If an objection is requested, we will not be able to provide you with our services. Personal data that we do not necessarily need for the above-mentioned processing purposes are marked accordingly above indicating ways to manage your settings (e.g., notifications).

7.2 How to Exercise These Rights

Any requests to exercise user rights can be directed to us through the contact details provided in this document (privacy@kairosgame.com). These requests can be exercised free of charge and will be addressed as early as possible within 60 business days.

8. Changes to This Privacy Notice

Neuro Solutions Group reserves the right to make changes to this privacy notice at any time by giving notice to users on this page and possibly within its applications or–as far as technically and legally feasible–sending a notice to users via any contact information available to Neuro Solutions Group. Users are strongly recommended to check this page often, referring to the date of the last modification listed at the bottom. Should the changes affect processing activities performed based on the users’ consent, Neuro Solutions Group shall collect new consent from the user where required.

This privacy notice has been prepared based on provisions of multiple legislations, including:

  • Art. 13/14 of Regulation (EU) 2016/679 (General Data Protection Regulation)
  • Quebec Chapter P-39.1 - Private Organizations with Law 25
  • The Privacy Act (Canada)
  • Personal Information Protection and Electronic Documents Act (PIPEDA) (Canada)
  • Consumer Privacy Protection Act (CPPA) (Canada)
  • Children's Online Privacy Protection Act (COPPA) (US)
  • California Consumer Privacy Act (CCPA) (US - California)
  • California Privacy Rights Act (CPRA) (US - California)
  • Virginia Consumer Data Protection Act (VCDPA) (US - Virginia)
  • Colorado Privacy Act (CPA) (US - Colorado)
  • French Data Protection Act (Loi n78-17)
  • Belgian Data Protection Act
  • Spanish Organic Law on Data Protection and Guarantee of Digital Rights
  • Protection of Privacy Law (PPL) (Israel)
  • Privacy Protection Regulations (Israel)
  • Federal Act on Data Protection (nFADP) (Switzerland)

This privacy notice relates to the Kairos websites, applications, and supporting services.