PRIVACY POLICY

Version applicable as of 25th July 2024

1. WHY SHOULD I READ THIS PRIVACY POLICY?

This Privacy Policy ('policy') describes how DigiJoy OÜ (hereinafter referred to as the "Company","We","Us","Our") collects, uses, discloses, and stores your personal information and what statutory rights you do have. We protect your personal information under the EU General Data Protection Regulation (2016/679) ('GDPR') and other applicable laws. We may amend this policy from time to time. Therefore, please visit our website regularly for the latest version of this policy.

2. WHO IS RESPONSIBLE FOR PROTECTING MY INFORMATION?

We are: DigiJoy OÜ

Our company number is: 14607496

Our address: 12 Ahtri Tallinn, Estonia

Our e-mail address: support@hypnobetter.com

3. WHY AND HOW DO YOU COLLECT MY INFORMATION?

3.1. TO PROVIDE YOU WITH OUR ONLINE SERVICES AND / OR PRODUCTS

When is this relevant for me?What information do you collect about me?What is your legal basis to collect my information?Where do you collect the information from?Am I obliged to provide this information?How long do you store information about me?When you use / receive our online services and / or productsFirst name, last name, email address, password, other data that you provide while registering, date of account creation, date of user’s most recent log in, selected account settings, online services and/ or products received by user, tests’ results, games’ scoresContract (Art. 6 (1) (b) of GDPR)From yourselfIt is a requirement necessary to enter into a contract. If you do not provide this information, you will not be able to use / receive our online services and / or products5 years from the last login to your account

3.2. TO PROCESS YOUR ORDERS AND RECEIVE PAYMENTS

When is this relevant for me?What information do you collect about me?What is your legal basis to collect my information?Where do you collect the information from?Am I obliged to provide this information?How long do you store information about me?When you make a payment at our websiteFirst name, last name, email, subscription plan, ordered services and / or products, paid amount, currency, payment information (card number, expiration date, CVC number, postal code)Contract (Art. 6 (1) (b) of GDPR)From yourselfIt is a requirement necessary to enter into a contract. If you do not provide this information, you will not be able to use our services10 years from the moment you made a purchase

3.3. TO ENSURE SECURITY OF OUR WEBSITE/APP AND CONTINUOUSLY IMPROVE IT FOR YOU

When is this relevant for me?What information do you collect about me?What is your legal basis to collect my information?Where do you collect the information from?Am I obliged to provide this information?How long do you store information about me?When you use our websiteIP address or other device address or ID, web browser and/or device type, hardware and software settings and configurations, the web pages or sites that you visit just before or just after visiting the Site, the pages you view on the Site, your actions on the Site, and the dates and times that you visit, access, or use the Services. When you use the Site on a mobile device, we may also collect the physical location of your device by, for example, using satellite, cell phone tower or wireless local area network signalsConsent (Art. 6 (1) (a) of GDPR)From yourselfNo1 month after you visit our website

3.4. TO PROVIDE YOU WITH CUSTOMER SUPPORT

When is this relevant for me?What information do you collect about me?What is your legal basis to collect my information?Where do you collect the information from?Am I obliged to provide this information?How long do you store information about me?When you submit an inquiry or file a complaint to our customer supportFirst name, last name, e-mail address, country, telephone number, subject of your inquiry, date of your inquiry, content of your inquiry, attachments to your inquiry, reply to your inquiryConsent (Art. 6 (1) (a) of GDPR))From yourselfNo3 years from the moment your last inquiry was received

3.5. TO ENSURE AND IMPROVE THE PERFORMANCE OF OUR WEBSITE/APP, TO ADAPT ITS CONTENT AND FORMAT TO THE NEEDS OF USERS AND TO SHOW YOU RELEVANT INTERNET ADS

When is this relevant for me?What information do you collect about me?What is your legal basis to collect my information?Where do you collect the information from?Am I obliged to provide this information?How long do you store information about me?When we want to inform you or ask your opinion about our products or show you internet adsFull name, e-mail, telephone number, IP address, order information, country, postback information, website that directed the company’s website, your interaction with internet addConsent

(Art. 6 (1) (a) of GDPR)(Art. 81 (1) of Lithuanian Law on Electronic Communications)

Customer relationship (Art. 81 (2) of Lithuanian Law on Electronic Communications)From yourself

Social media service providers

Marketing service providersNo5 years after you use our services or after you give your consent, unless you withdraw your consent earlier

3.6. TO INTERACT WITH YOU VIA SOCIAL MEDIA

When is this relevant for me?What information do you collect about me?What is your legal basis to collect my information?Where do you collect the information from?Am I obliged to provide this information?How long do you store information about me?If you interact with our social media profiles (e.g., send a message, follow our profiles, share a post, react to a post)Name and surname, e-mail address, gender, country, picture, message, time and date the message was received, content of the message, message attachments, response to the message, time of response to the message, information about Company’s rating, comments on a post, post shares, information about post reactionsConsent

(Art. 6 (1) (a) of GDPR)From yourself and social media platformsNo10 years from the moment you interact with our social media profiles

3.7. TO CARRY OUT THE SELECTION OF POTENTIAL EMPLOYEES

When is this relevant for me?What information do you collect about me?What is your legal basis to collect my information?Where do you collect the information from?Am I obliged to provide this information?How long do you store information about me?When we receive your application for a job position, when you give us your consent, or we contact you based on the information you publicly disclose on professional social media platformFull name, e-mail, phone number, CV, work experience, other information you provide us withLegitimate interest (to contact you when you publicly disclose your information on professional social media platforms) (Art. 6 (1) (f) of GDPR)From yourself and professional social media platforms (i.e. Linkedin).It is a requirement necessary to evaluate your competences and potential to fit into the open position in order for the company to find the right candidate6 months after the end of the relevant recruitment process, or 3 years after you give us your consent or publicly disclose your information on professional social media platforms

3.8. TO FULFIL STATUTORY ACCOUNTING REQUIREMENTS

When is this relevant for me?What information do you collect about me?What is your legal basis to collect my information?Where do you collect the information from?Am I obliged to provide this information?How long do you store information about me?When you order our productsFull name, e-mail address, telephone number, bank account number, address, signature, invoices, reports, accounting documents, payments, paid amounts, other information we are statutorily required to collectLegal obligation (Art. 6 (1) (c) of GDPR)

Law on Accounting of the Republic of LithuaniaFrom yourselfIt is a statutory requirement. If you do not provide this information, you will not be able to buy goods or services from us10 years from a transaction

3.9. TO FULFIL STATUTORY ACCOUNTING REQUIREMENTS

When is this relevant for me?What information do you collect about me?What is your legal basis to collect my information?Where do you collect the information from?Am I obliged to provide this information?How long do you store information about me?In case we become a party or concerned party in legal process which you are subject to or we are statutorily required to collect and/or provide information about you in order to comply with the lawAll of the afore-mentioned information, accounting and legal case files, legal documents, other information you provide us with, other information that we are statutorily required to collect and/or provide

If the case arises - information about criminal offenses and convictionsLegal obligation (Art. 6 (1) (c) of GDPR)

Legitimate interest (to protect our rights and interests) (Art. 6 (1) (f) of GDPR).

Establishment, exercise, or defence of legal claims (Art. 9 (2) (f) of the GDPR)From afore-mentioned sources, law enforcement authorities, parties that are subject to legal process, courtsYou are statutorily obliged to provide personal information. In other cases, we will collect your personal information when we have a legitimate interest to defend our rights and interests10 years following the end of contractual relationship with us or, whichever is longer, for the duration of legal process and 3 years following the date of entry into force or full enforcement of a judgment of a court or authority

4. WHO DO YOU SHARE MY INFORMATION WITH?

We share your information with information recipients, both within and outside European Economic Area (EEA), in cases where necessary for the above-describe purposes and allowed in accordance with applicable laws.

Information recipient or category of information recipientPurpose of information transferCountry of the recipientEuropean Commission decision on whether a non-EEA country has an adequate level of information protectionSuitable safeguards that protect my information, when it is transferred to non-EEA countriesAccounting and audit service providersTo fulfil statutory accounting requirementsEUN/AN/AArchiving service providersTo keep our archiveEUN/AN/AElectronic communication service providersTo operate our electronic communicationsEUN/AN/AAttorneys, notaries, bailiffs, auditors, data protection officers, consultantsTo ensure our compliance, defend our rights and interestsEUN/AN/AE-mail and cloud hosting service providersTo operate IT resourcesWorldwideN/A, including non-EEA countriesEU Standard Contractual ClausesPotential or actual acquirers of the Company's business/ part of the business, also their authorized consultants or other personsTo evaluate and/ or execute transactions concerning the ownership of the CompanyEUN/AN/ABanking, payment processing and other financial service providersTo process paymentsWorldwideN/A, including non-EEA countriesEU Standard Contractual ClausesMarketing and telemarketing service providersTo market our servicesWorldwideN/A, including non-EEA countriesEU Standard Contractual ClausesCustomer support service providersTo provide customer supportWorldwideN/A, including non-EEA countriesEU Standard Contractual ClausesSocial media service providersTo manage our social media profilesWorldwideN/A, including non-EEA countriesEU Standard Contractual Clauses

5. WHAT STATUTORY RIGHTS DO I HAVE REGARDING MY INFORMATION?

Subject to conditions, limitations, and exceptions established by statutory data protection provisions, you have the rights listed below:

My rightWhen this right is applicable to me?Right of accesswhen you seek to obtain confirmation as to whether we collect or otherwise process personal data concerning you, and, where that is the case, access to the personal data and the information about the data processing.Right to rectificationwhen you seek to obtain from us the rectification of inaccurate personal data concerning you.Right to erasure ('right to be forgotten')- when personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;

- when you withdraw consent on which the processing is based and there is no other legal ground for the processing;

- when you object to the processing and there are no overriding legitimate grounds for the processing, or you object to the processing for direct marketing purposes;

- where the personal data have been unlawfully processed;

- where the personal data have to be erased for compliance with a legal obligation;

- where the personal data have been collected in relation to the offer of information society services directly to a child and subject to a consent.Right to restriction of processing- where the accuracy of the personal data is contested by you;

- where the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;

- where we no longer need the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims;

- where you have objected to processing.Right to data portabilitywhere you seek to receive the data you have provided in a structured, commonly used and machine-readable form or to transmit those data to another controller, the processing is based on consent or on a contract and is carried out by automated means.Right to objectwhere the collection and use is based on a task carried out in the public interest or in the exercise of official authority vested or legitimate interest, including profiling, as explained in Section 3 of this Privacy Policy, or where you object to the collection of your personal data for direct marketing purposes.Right to withdraw consentwhere the processing is based on consent, as explained in Section 3 of this Privacy Policy, and you seek to withdraw it at any time.Right to lodge a complaintIf you believe that we are processing your personal data unlawfully or we are not implementing your rights, you have the right to file a claim before the responsible Data Protection supervisory authority. You can check Data Protection supervisory authorities‘ contact information by Member State
here

6. HOW DO I SUBMIT A REQUEST?

If you would like to exercise your rights described above, please submit a request to us via e-mail at support@hypnobetter.com

.

7. CAN I USE AN AUTHORIZED AGENT?

Sure. You may use an authorized agent to submit a request to opt-out on your behalf if you provide us with the authorized agent written permission to do so. If this is the case, please provide us with a copy of the said permission as instructed under the Section 18 of this policy below. We may deny a request from an authorized agent that does not submit proof that they have been authorized by you to act on your behalf. You may also make a request on behalf of your minor child.

8. DO YOU ENGAGE IN AUTOMATED INDIVIDUAL DECISION-MAKING, INCLUDING PROFILING?

No, we do not make decisions based solely on automated processing, including profiling, which would produce legal effects concerning you.

9. DO YOU USE COOKIES?

Yes, following cookies may be used in our Website:

Strictly Necessary- these cookies enable essential functions and ensure the proper functioning of the Website (i.e. page navigation and access to secure areas of the Website). These cookies are mandatory and do not require your consent as the Website would not function properly without them;Statistics Cookies- these cookies collect and report anonymous information that allows the Website Manager to understand how visitors use the website. Your consent is required for the use of these cookies, which you can withdraw at any time;Targeting Cookies- these cookies track user actions to identify visitors between different websites. Using information collected by these cookies you can see personalized ads that match your interests. Your consent is required for the use of these cookies, which you can withdraw at any time;Marketing Cookies- these cookies are used to display personalized content and promotional information. Your consent is required for the use of these cookies, which you can withdraw at any time.

Cookie NameCookie purpose/functionCookie ExpiryStrictly NecessaryHSID, SIDSecurity cookies to confirm visitor authenticity, prevent fraudulent use of login data and protect user data from unauthorized access.399 daysCONSENTStores user’s state regarding their cookies choices394 daysAECPrevents malicious sites from acting on behalf of a user without that user’s knowledge174 daysennence_sessionThis is used to hold information about your current visit with us. This cookie is essential to the functionality of the site.Same dayparity_save_dataThis cookie is used by one of our games to track the game progress.365 daysdigital_sessionThis is used to hold information about your current visit with us. This cookie is essential to the functionality of the site.Up to 24 hoursapple_pay_supportedWhen a user visits a website that supports Apple Pay, the website may set the "apple_pay_supported" cookie to store a flag or indicator that their browser is capable of using Apple Pay as a payment method. This information can be used by the website to determine whether to display Apple Pay as a payment option during the checkout process.30 daysrppThis cookie is used by our platform to pass some information between pages.2 dayscartThe "cart" cookie helps maintain the user's shopping session by keeping track of the items they have added to their cart.3 dayssrppThis cookie is used by our platform to pass some information between pages7 daysXSRF-TOKENThis cookie is written to help with site security in preventing Cross-Site Request Forgery attacks.Same dayNID, Secure-ENIDThis cookie is used to remember your preferences and other information, such as your preferred language, how many results you prefer to display on a search results page (for example, 10 or 20) and whether you want Google's SafeSearch filter to be activated.183 daysStatistics Cookiesga, ga7D261W9FDJThe ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.400 daysSecure-1PSIDThe purpose of this cookie is to track and differentiate user sessions on the website for analytical purposes. It helps Google Analytics provide accurate and aggregated data to website owners, enabling them to measure and improve their website's performance and user experience.399 days_gidInstalled by Google Analytics, gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.24 hoursDSIDThe purpose of the "DSID" cookie is to track user interactions with websites that are using the DoubleClick advertising services. It helps Google collect information about the user's browsing activity, such as the pages they visit, the ads they interact with, and the actions they take on the website.14 daysgaexpCookie is used to store ID's of experiments and sessions for A/B testing.92 days_hjAbsoluteSessionInProgress, hjFirstSeen, hjIncludedInSessionSample_3021418, hjSession3021418Cookies set by Hotjar to track the session and ensure the accuracy. Includes identifying of first session, holding current session data, ensuring subsequent requests in session are attributed to the same sessionUp to 24 hours_hjSessionUser_3021418This cookie is set by Hotjar. Set when a user first lands on a page. Persists the Hotjar User ID which is unique to that site. Ensures data from subsequent visits to the same site are attributed to the same user ID.366 days_hjMinimizedPolls, hjDonePollsUsed to track whether a user has minimized or closed a website poll or if user has already participated in poll. This cookie allows the website to remember the user's preference and keep the poll minimized or closed throughout their browsing session, enhancing their user experience by avoiding intrusive or repetitive poll displays.365 daysfbqpurchaseThe specific purpose of the "fbq_purchase" cookie is to track and record information about user purchases or completed transactions on a website.Sessiont_gidAssigns a unique User ID that Taboola uses for attribution and reporting purposes, and to tailor recommendations to this specific user.364 daysANONCHKIndicates whether MUID is transferred to ANID, a cookie used for advertising. Clarity doesn't use ANID and so this is always set to 0.up to 24 hours_clckThis cookie is installed by Microsoft Clarity to store information of how visitors use a website and help in creating an analytics report of how the website is doing. The data collected includes the number of visitors, the source where they have come from, and the pages visited in an anonymous form.365 days_clskThis cookie is installed by Microsoft Clarity to store information of how visitors use a website and help in creating an analytics report of how the website is doing.1 dayMarketing CookiesOTZThe specific purpose of the "otz" cookie is to provide information to Google Analytics about the user's journey across different websites and to measure and optimize advertising campaigns24 days_gcl_auThe primary purpose of the "_gcl_au" cookie is to help track the effectiveness of Google Ads campaigns and measure conversions. | Provided by Google Tag Manager to experiment advertisement efficiency of websites using their services.90 daysSIDThis cookie is used provide ad delivery or retargeting, prevent fraud prevention399 daysg_stateCookie is used to store information related to the current state of the Google Analytics session. It helps track the user's activity, such as the pages they visit, the duration of their visit, and other engagement metrics. The specific purpose of the "g_state" cookie may vary depending on how the website owner has configured Google Analytics and the specific features they have enabled. However, in general, it helps collect data for analytical purposes and provides insights into the website's performance and user behavior.173 days_tt_enable_cookie, ttpTo measure and improve the performance of your advertising campaigns and to personalize the user's experience (including ads) on TikTok.390 daysuetsidThe primary purpose of the "_uetsid" cookie is to collect and store information about a user's interaction with advertisements served by Microsoft Advertising24 hours_uetvidThe "_uetvid" cookie enables Microsoft Advertising to measure the effectiveness of advertising campaigns, optimize ad targeting, and improve overall ad performance by attributing user actions, such as clicks and conversions, to specific advertisements.39 daysMUIDto store and track visits across websites. | This cookie is set by Microsoft Advertising. Identifies unique web browsers visiting Microsoft sites. These cookies are used for advertising, site analytics, and other operational purposes.390 daysSRM_BIdentifies unique web browsers visiting Microsoft sites. These cookies are used for advertising, site analytics, and other operational purposes.391 daysfrThis cookie is set by Facebook as part of their embedded services on our websites21 dayssbThis cookie is used by Facebook to store browser details.396 daysooThis cookie helps store your advertising preferences.280 daysxsThe "xs" cookie by Facebook is used for session management and security purposes. It helps identify the user's session, maintain their login status, and ensure the secure transmission of data between the user's browser and Facebook's servers. The "xs" cookie plays a crucial role in authenticating and authorizing the user's access to Facebook's services and protecting their account from unauthorized access.365 daysTargeting Cookies1P_JARUsed by Google to display personalized advertisements on Google sites, based on recent searches and previous interactions.30 daysAPISIDPersonalizes Google ads on websites based on recent searches and interactions.399 daysDVUsed to track user activity and deliver targeted advertisements. It helps serve relevant ads based on the user's browsing behavior, interests, and demographics.up to 24 hoursSAPSID, Secure-1PAPISIDUsed by Google to display personalized advertisements on Google sites, based on recent searches and previous interactions, used to enable Google to collect user information for videos hosted by YouTube.399 daysSSIDGoogle collects visitor information for videos hosted by YouTube on maps integrated with Google Maps.399 daysSSIDCCUsed by Google to store user preferences and information when users interact with websites that use Google services365 daysUULE‘UULE’, sends precise location information from your browser to Google’s servers so that Google can show you results that are relevant to your location. The use of this cookie depends on your browser settings and whether you have chosen to have location turned on for your browser.up to 6 hoursSecure-3PAPISID, Secure-3PSIDBuilds a profile of website visitor interests to show relevant and personalized ads through retargeting.399 daysSecure-3PSIDCC, Secure-1PSIDCCUsed for targeting to profile the interests of website visitors and display relevant and personalized Google Ads. Used by YouTube for ads on Google/YouTube.365 daysIDEThe "IDE" cookie is associated with Google's DoubleClick advertising platform. It is used to store and serve targeted advertisements to users based on their interests and online behavior.389 daysgeps, gessThis cookie is set by
retention.com
as part of their embedded services on our websites30 daysm-b, m-b
lax, m-s, m-themeQuora cookies to measure how visitors are interacting with our website so that we can display relevant advertising to prospective customers.358 daysm-sa, m-uidQuora cookies to measure how visitors are interacting with our website so that we can display relevant advertising to prospective customers.393 daysidid, lc2fpiCollects data on visitors’ behavior and interaction – This is used to make advertisement on the website more relevant. The cookie also allows the website to detect any referrals from other websites.400 days

10. HOW CAN I MANAGE COOKIES?

You can configure your browser to decline some or all cookies or to ask for your permission before accepting them. Please note that by deleting cookies or disabling future cookies you may be unable to access certain areas or features of our website. You can control the use of functionality cookies, targeting cookies or advertising cookies by adjusting your browser settings. To find out how to manage cookies in your browser, please visit one of the links below:

• Mozilla Firefox:

https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences

• Google Chrome:

https://support.google.com/chrome/answer/95647

• Opera:

https://www.opera.com/help/tutorials/security/privacy

• Microsoft Edge:

https://privacy.microsoft.com/en-us/windows-10-microsoft-edge-and-privacy

• Safari:

https://support.apple.com/guide/safari/manage-cookies-and-website-information-sfri11471/mac

11. HOW CAN I CONTACT YOUR DPOs?

If you have any questions, comments, or complaints regarding how we collect, use, and store your personal information, we have our data protection officers to help you. If you need their help, you may contact them at any time:

E-mail address:

support@hypnobetter.com

Copyright © 2025. All rights reserved.

The information provided on this website is not a substitute for professional medical examination, diagnosis, or treatment. We emphasize the importance of consulting a healthcare professional for any health-related concerns. The content on these pages is intended for informational purposes only and should not replace professional advice or consultation. Always seek the guidance of your doctor or other qualified health providers with any questions you may have regarding a medical condition.

NOT FACEBOOK: This site is not a part of the Facebook website or Facebook Inc. Additionally,

This site is NOT endorsed by Facebook in any way. FACEBOOK, INSTAGRAM and WHATSAPP are trademarks of FACEBOOK, Inc.