ATTENTION: Please read this Privacy Statement carefully before using our website and Services and if you do not accept any of these terms, you should immediately discontinue using our website and Services.
YoruX Privacy Statement
Last updated: 08/10/2021
This Privacy Statement applies to all services provided and websites, features, or content owned and operated by YoruX, including its website www.yorux.com and mobile application. Our Privacy Statement is designed to help you better understand how we collect, use, store, process, and transfer your personal information when operating our Services, which includes processing payments, shipping kits to customers, creating customer accounts, analyzing wellness information and provide reports, suggestions.
- 1. Definitions
a. "Aggregate Information" is Personal Information that has been stripped of Registration Information and combined with data from a number of other users sufficient to minimize the possibility of exposing individual-level information.
b. “Device Information”, means information such as IP address, unique identifiers (including identifiers used for advertising purposes), language settings, and general location information such as city, state, or geographic area.
c. “Mobile Application”, means mobile application YoruX operated by Yorux, UAB.
d. “Personal Information” any information relating to an identified or identifiable natural personal, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
e. "Registration Information" is the information you provide about yourself when registering for and/or purchasing our Services (e.g. name, email, address, user ID and password, and payment information).
f. "Service" or "Services” means personal Lucid Dreaming services that help you to raise the probability of controlling your dreams, including, services, content and support to you through, and which includes but is not limited to, access to the YoruX Website, Mobile Application, TotemX Device, back-office (such as processing payments, shipping devices to customers, creating customer accounts and authenticating logins), delivering analyses of your personal data related with dreams and preparation of your personal Lucid Dreaming guide.
g. "User Content" is all information, data, text, software, music, audio, photographs, graphics, video, messages, or other materials generated by users of YoruX Services and transmitted, whether publicly or privately, to or through YoruX.
h. "Website" or “Site” means www.yorux.com.
i. "Wellness Information", means information such as resting heart rate, heart rate variability, blood oxygen saturation level and acceleration; metadata on workouts and sleep; your physiological profile, including birthday, sex or gender identity, weight and height.
j. "YoruX" or "we”, “us" or "our" or “Company”, means YoruX Pte Ltd, having its principal place of business at: Dariaus ir Girėno g. 177C, LT-02189 Vilnius.
k. "You" means the individual accessing or using the Website or the Services.
- 2. Our Core Privacy Principles
We collect and handle information based on the following legal basis:
a. to provide, analyse and improve our Services arising from any contracts we entered with you or to take steps at your request prior to entering into a contract with you,
b. as we reasonably believe is permitted by laws and regulations,
c. for our legitimate interests to protect the security and safety of our company, employees, customers and others, or
e. if you give us your consent.
We will not sell, lease, or rent your personal information or individual-level information to a third party without your explicit consent.
We understand and respect the sensitive nature of the personal information you may provide to us, including information about your health and social profile, etc. To that end, we strive to be transparent in our collection, use and disclosure of this information and to ask for your explicit consent to share such sensitive information with third parties. Please see below to learn more about our sharing and consent practices.
We are committed to providing a secure and safe environment for our Services.
- 3. Data Controller
Yorux, UAB, registration code: 305807082, registered address Dariaus ir Girėno g. 177C, LT-02189 Vilnius, Lithuania.
- 4. What Information We Collect (collectively your “Personal Information”)
a. Registration Information
When you register an account with us or purchase/redeem our Services, we collect personal information, such as your name, date of birth, shipping address, and contact information such as your email and phone number.
b. Payment Information
c. User Content
Some of our Services may allow you to create and post or upload content, such as data, text, software, music, audio, photographs, graphics, video, messages, or other materials that you create or provide to us through either a public or private transmission. For example, User Content includes any post or message you place on YoruX’s community forums or blogs.
d. Wellness Information
We collect wellness information, including but not limited to, such as resting heart rate, heart rate variability, blood oxygen saturation level and acceleration, metadata on workouts and sleep, your physiological profile, including birthday, sex or gender identity, weight and height.
e. Device information
We collect device information, such as IP address, unique identifiers (including identifiers used for advertising purposes), language settings, and general location information such as city, state, or geographic area.
f. Customer Service
We collect information when you contact our Customer Service team or correspond with us about our Service in order to: track and react to your query; investigate any infraction of our Terms of Service, Privacy Statement, or relevant laws or regulations; and analyse and improve our Services.
If you decide to post on blogs or community forums which are publicly available on our website, you must be aware that any information you provide in these areas may be read, collected, and used by others who access them. To request that we remove or anonymize your personal information from our blog or community forum, contact us at Customer Care Team. Please keep in mind that if you submit something publicly, it may be impossible to erase the material later, such as if someone screenshots your post. Please use caution while publishing personal information on our blogs, community forums, or in any other public venue.
h. Social Media
In places where our Website provides social media features, the use of those features may result in collection of your IP address, which page you are visiting on our site, and may set a cookie to enable the feature to function properly.
If you use a third-party site, in conjunction with our Services to communicate with another person (e.g., to make or post referrals or to request that we communicate with another person), we may collect additional information (e.g., your profile picture, network, gender, username, user ID, age range, language preference) in addition to that person's name and contact information, depending on your privacy settings on the third-party site.
We have no control over your interactions with these social media features, which are governed by the privacy policies of the companies that provide them. Before using any third-party websites/services, sending your personal information to them or connecting them to our website, you should carefully read their privacy policies.
i. Web Behaviour Information
j. Other third-party information or publicly available sources
We may receive personal information about you from various third parties and public sources including information from analytics providers such as Google, advertising networks, search information providers and providers of technical, payment and delivery services.
- 5. Health and Other Special Category Data
To the extent that information we collect is health data or another special category of personal data which is subject to the European Union’s General Data Protection Regulation (“GDPR”), we ask for your explicit consent to process the data. We obtain this consent separately when you take actions leading to us obtaining the data, for example, when you pair your device to your account, grant us access to your exercise or activity data from another service, or use the health tracking feature. You can use your account settings and tools to withdraw your consent at any time, including by stopping use of a feature, removing our access to a third-party service, unpairing your device, or deleting your data or your account.
- 6. Retention Period
We will retain your Personal Information as required for compliance with applicable legal obligations. We will also retain limited information related to your account, including but not limited to, your email address, account deletion request identifier, and record of legal agreements for a period of time as required by contractual obligations, and/or as necessary for the establishment, exercise or defense of legal claims, for audit and compliance purposes.
Personal data obtained with the consent of the data subject shall be stored from the time the consent is obtained and as long as it is needed to provide the Services, unless the consent is revoked earlier.
- 7. How We Use and Share Information
When you have given your consent, which you may withdraw at any time using your account settings and other tools.
b. Using personal information to provide, analyse and improve our Services.
We use the personal information described above in Section 3 to operate, provide, analyse and improve our Services. These activities may include, among other things, using your personal information in a manner consistent with other commitments in this Privacy Statement, to:
- provide our Services, which includes creating customer accounts and authenticating logins, analysing wellness and device data, and delivering results and reports;
- open your account, enable purchases and process payments, communicate with you, and implement your requests (e.g., referrals);
- host our Website, run our mobile application(s), authenticate your visits, provide custom, personalized content and information, and track your usage of our Services;
- conduct analytics to improve and enhance our Services, which includes fixing bugs or issues, analyzing the use of our website to improve the customer experience or assessing our marketing campaigns;
- offer new products or services to you, including through emails, promotions or contests;
- conduct surveys or polls, and obtain testimonials;
- to provide customer support as necessary to answer your questions, resolve disputes, and/or investigate and troubleshoot problems or complaints;
- monitor, detect, investigate and prevent prohibited or illegal behaviors on our Services, to combat spam and other security risks;
- research and development.
We may create and use aggregated, de-identified or other anonymous data from personal data we collect, including wellness data, for our business purpose, including to analyze the effectiveness of the Services, to improve and add features to the Services, and to analyze the general behavior and characteristics of users of the Services. We also use the anonymous wellness data for research purposes to help us and our research partners answer important questions about human performance and create an even-better experience for our members by identifying cutting-edge insights and providing new content and product features.
c. Direct marketing
If you consent to direct marketing, we may use your personal information (your name, residential and email addresses, phone number, and via cookies and similar tracking technologies), except any Sensitive Information, to send you online marketing campaigns and targeted advertising.
We will not send you any marketing communications if you do not consent to direct marketing on the application form on the Website.
Even if you have consented, you may opt-out from receiving any marketing communications at any time by contacting our Customer Care Team*.
d. Compliance with legal obligations
Your information may be disclosed in response to judicial or other government subpoenas, warrants, or orders, or in collaboration with regulatory agencies, in certain circumstances.
If required by law or in the good faith judgment that such preservation or disclosure is reasonably necessary, YoruX will retain and disclose any and all information to law enforcement agencies or others, in order to:
- comply with legal or regulatory process (such as a judicial proceeding, court order, or government inquiry) or obligations that YoruX may have under ethical and other professional rules, laws, and regulations;
- enforce the YoruX’s Terms of Service and other policies;
- respond to claims that any content infringes on third-party rights; or
- protect the rights, property, or personal safety of YoruX, its employees, its users, its clients, and the public.
In such event we will notify you through the contact information you have provided to us in advance, unless doing so would violate the law or a court order.
You are able to opt-in, opt-out or otherwise adjust your preferences of having your information used for certain of these activities. Please see below to learn more in Privacy Rights.
- 8. Information we share with third parties:
a. Service providers
We share information with third parties such as payment service providers, vendors who advertise our Services, consultants, lawyers, auditors, bankers and insurers, hosting and other technology and communications providers, analytics providers, and staff augmentation and contract personnel, that provide services to us or on our behalf;
b. Targeted advertising service providers (if you consented to direct marketing).
We may allow thirdparty advertising networks and suppliers to gather Web Behaviour Information on our Service in order to assist us in providing you with targeted online advertisements ("ads"), in order to personalize ads to match your interest, and to measure the effectiveness of ad campaigns.
We do not share Wellness or Device Information with these advertising partners.
We may share information with authorities, including law enforcement, government authorities, and private parties we believe in good faith to be necessary or appropriate to comply with law or legal proceedings;
d. Aggregate information.
Information that has been stripped of your Registration Information (e.g., your name and contact information), so called, de-identified or aggregate information to third parties, so that you cannot reasonably be identified as an individual. We may provide such information in commercial arrangements with our business partners.
- 9. Important Information
a. Security measures
YoruX takes seriously the trust you place in us. To prevent unauthorized access or disclosure, to maintain data accuracy, and to ensure the appropriate use of information, YoruX uses a range of physical, technical, and administrative measures to safeguard your Personal Information. In particular, all connections to and from our Website and Mobile Application are encrypted using Secure Socket Layer (SSL) technology.
Please recognize that protecting your Personal Information is also your responsibility. We ask you to be responsible for safeguarding your password, secret questions and answers, and other authentication information you use to access our Services. You should not disclose your authentication information to any third party and should immediately notify YoruX of any unauthorized use of your password. YoruX cannot secure Personal Information that you release on your own or that you request us to release.
Your information collected through the Service may be stored and processed in Lithuania or any other country in which YoruX or service providers maintain facilities and, therefore, your information may be subject to the laws of those other jurisdictions which may be different from the laws of your country of residence.
Where your Personal Information is to be transferred to a third country, we will comply with laws about transferring personal information between countries to help ensure that your information is protected everywhere.
b. Business transactions
In the event that YoruX goes through a business transition such as a merger, acquisition by another company, or sale of all or a portion of its assets, your information will likely be among the assets transferred. In such a case, your information would remain subject to the promises made in any pre-existing Privacy Statement.
c. Linked websites
YoruX may provide links to third-party websites operated by organizations not affiliated with YoruX. YoruX does not disclose your information to organizations operating such linked third-party websites. YoruX does not review or endorse, and is not responsible for, the privacy practices of these organizations. We encourage you to read the privacy statements of each and every website that you visit. This Privacy Statement applies solely to information collected by YoruX.
d. Children’s privacy
YoruX is committed to protecting the privacy of children as well as adults. Neither YoruX nor any of its Services are designed for, intended to attract, or directed toward children under the age of 16. If you are 16, please do not attempt to register for the Services or send any personal data about yourself to us. If we learn that we have collected personal data from a child under age 16, we will delete that information as quickly as possible. You can report any complaint to Customer Case Team*.
e. Transfer of Personal Information outside the EU
We will not transfer your Personal Information outside the EU.
In case the transfer outside the EU of your Personal Information is required in exceptional circumstances, we will formalise the corresponding Standard Contractual Clauses approved by the European Commission between the data exporter and importer.
- 10. Privacy Rights
You can exercise your privacy rights by following the instructions below or contacting the Customer Care Team. We will handle your request under applicable law. When you make a request, we may verify your identity to protect your privacy and security.
Every data subject has the following rights:
a. the right to know (be informed) about the processing of his/her personal data;
b. the right to have access to his or her personal data and how they are processed, i.e. to be informed about the period of retention of personal data, the technical and organisational measures in place to ensure data security, to be informed from which sources and what personal data have been collected, for what purpose they are processed, to whom they are provided;
c. the right to obtain rectification, erasure or suspension, with the exception of storage, of the processing of his/her personal data where the processing is not in accordance with the provisions of law;
d. the right to object to the processing of their personal data, unless the processing is carried out for a legitimate interest pursued by the controller or by a third party to whom the personal data are submitted and the interests of the data subject are not overriding;
e. the right to request the restriction of the processing of personal data;
f. the right to require that personal data which he or she has provided, if processed on the basis of his or her consent or on the basis of a contract, and if processed by automated means, be transmitted by the controller to another controller, if technically feasible (data portability);
g. the right to withdraw consent at any time, without prejudice to the lawfulness of the processing based on consent prior to the withdrawal of consent;
h. the right to withdraw at any time the consent given to the processing of personal data for direct marketing purposes
The rights described above may be limited by local laws. Further, your right of access and deletion is not absolute and may not be available if fulfillment of such right would, among other things:
- Cause interference with execution and enforcement of the law and legal private rights (such as in the case of the investigation or detection of legal claims or the right to a fair trial);
- Breach or prejudice the rights of confidentiality and security of others;
- Prejudice security or grievance investigations, corporate re-organizations, future and ongoing negotiations with third parties, the compliance with regulatory requirements relating to economic and financial management; or
- Otherwise violate the interests of others or where the burden or cost of providing access would be disproportionate.
If you want to exercise one of the rights, please contact our Customer Care Team at: [email protected]m
- 11. Right to Lodge a Complaint
You also have a right to lodge a complaint with a competent supervisory authority situated in the country of your habitual residence, place of work, or place of alleged infringement. If you reside in the EU, you can find the relevant supervisory authority name and contact details here: https://ec.europa.eu/info/law/law-topic/data-protection/reform/what-are-data-protection-authorities-dpas_en.
- 12. Notice for California Residents
If you are a California resident, please review the following additional privacy disclosures under the California Consumer Privacy Act ("CCPA").
How to exercise your legal rights?
You have the right to understand how we collect, use and disclose your personal information, to access your information, to request that we delete certain information, and to not be discriminated against for exercising your privacy rights. You may exercise these rights using your account settings and tools as described in the Privacy Rights section, for example:
- By logging into your account and using your account settings, you may exercise your right to access your personal information and to understand how we collect, use, and disclose it. Learn more here.
- Your account settings also let you exercise your right to delete personal information. Learn more here.
If you need further assistance regarding your rights, please contact our Customer Care Service, and we will consider your request in accordance with applicable laws.
Categories of information we collect, use, and disclose for business purposes
As described in the Information We Collect section, we collect the categories of personal information listed below. We receive this information from you, your device, your use of the Services, your coach if you use our Live Coaching Services, third parties (like the other services you have connected to your Fitbit account, or your employer or insurance company if they offer you Fitbit Services as an employee or customer), and as otherwise described in this policy. We use and disclose these categories of information for the business purposes described in the How We Use Information and How Information Is Shared sections, respectively. The categories are:
- Identifiers, like your name or username, email address, mailing address, phone number, IP address, account ID, device ID, cookie ID, and other similar identifiers.
- Demographic information, such as your gender, age, health information, and physical characteristics or description, which may be protected by law.
- Commercial information, including your payment information and records of the Services or devices you purchased, obtained or considered (for example, if you added them to your shopping cart on the Fitbit online store but did not purchase them).
- Biometric information, such as your exercise, activity, sleep or health data.
- Internet or other electronic network activity information, such as the usage data we receive when you access or use our Services. This includes information about your interactions with the Services and about the devices and computers you use to access the Services.
- Geolocation data, if you have granted us access to that information.
- Electronic, visual or similar information, such as your profile photo or other photos.
- Other information that you provide, including account information such as your biography or country; information for features of the Services, for example, an alarm, information about weight, sleep, water or female health tracking; messages on the Services; and information recorded by your device which may vary depending on the device you use.
- 13. Changes to this Privacy Statement
- 14. Contact Information
If you have questions about this Privacy Statement, please email our Customer Care Team at:
Email: [email protected]
Name of the company: Yorux, UAB
Registration code: 305807082
Registered address: Dariaus ir Girėno g. 177C, LT-02189 Vilnius, Lithuania