Last Updated: June 24, 2020 with Effective Date June 24, 2020
When we refer to personal information (or personal data) we mean any information of any kind relating to you as an identified or identifiable natural person. It is a natural person who can be identified directly or indirectly, in particular by reference to an identification number or to one or more factors specific to your physical, physiological, mental, economic, cultural or social status.
And namely personal information identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with you.
For the purposes of the EU General Data Protection Policy (GDPR), we are the data controller, unless otherwise stated.
I. INFORMATION WE PROCESS
Depending on circumstances mentioned below, the following general categories of personal information may be collected and otherwise processed:
|A.||Identifiers||A real name, postal code, unique personal identifier, online identifier, Internet Protocol address, email address, or other similar identifiers.|
|B.||Geolocation Data||Physical location or movements.|
|C.||Internet or other similar network activity||Information on your interaction with application, or advertisement.|
|D.||Commercial Information||Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.|
PLEASE, NOTE THAT:
No audio, visual, or similar information can be collected from you.
In a nutshell, under no circumstances any of your image data, whether made, edited or not, with help of the App shall be available to us or stored by us.
It means that we cannot collect store or use the data contained in your cameral roll or photo library.
After you set the relevant settings on your mobile device for technical access to your camera (to take photos & shoot videos)/photo library (to save photos), all visual data (like images, photos) that might be edited (processed) with help of the App is stored locally on your device and/or in your iCloud storage, and is inaccessible to us. Only you can share files to a certain party by exporting them through the App.
Moreover, we cannot access or use your credit card or debit card information. Our e-commerce provider (Apple) is responsible for billing, processing and charging for the in-app purchases, handles your personal information and keeps it absolutely safe and secure. You may access the applicable “in-app” purchase rules and policies directly from the App Store.
Similarly, we do not collect any special categories of personal data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). Nor do we collect any information about criminal convictions and offenses.
II. HOW IS YOUR PERSONAL DATA COLLECTED
We obtain the categories of personal information listed above from the following categories of sources:
- 2.1. Directly from you:
Guided by the principle of data minimization we designed the App in a way that doesn’t require you to sign up for an account in order to use the App. It means that you do not need to provide us with any information that can be used to access the App (like full name, username, public username used on social media accounts, phone number(s), e-mail address or other similar information), however, when you decide to contact us using the e-mail (for example to inquire about the App or to request a support regarding the App usage) we may collect and use whatever contact information (name, e-mail address, and any information that you provide, including the contents of the messages or attachments) you send us via email when it is necessary for adequate performance of the contract between you and us. We use such information to respond effectively to your inquiry, fulfill your requests, and send you communications that you request.
- 2.2. Indirectly from you (Information collected by automated means):
When you use the App, some information about your mobile device and your user behavior may be processed automatically. This information is generally non-personal, i.e. it does not, on its own, permit direct association with any specific individual, and we may access it only in aggregated form. We process this information on the ground of our legitimate interest in improving our App and giving our Users the best experience. If we do not access such data, we may not be able to provide you with all the features of the App.
We use third-party automatic data processing technologies to analyze certain information sent by your device via our App (advertising or analytics tools). Some of them launch automated processing of your personal data, including profiling, which means any form of automated processing of personal data used to evaluate certain personal aspects relating to you, in particular to analyze or predict aspects concerning your personal preferences, interests, behavior, location or movements (see the list of data described below). Processing information through automatic data processing technologies starts automatically when you launch the App.
The following are the types of information we collect indirectly from you:
- Device Information. When you use a mobile device to access our App, some of details about your device are reported, including “device identifiers”. Device identifiers are small data files or similar data structures stored on or associated with your mobile device, which uniquely identify your mobile device (but not your personality). Device identifier enables generalized reporting or personalized content and ads by our partners, service providers, and/or other third parties.
The following data can be processed:
- Information about the device itself: type of your mobile device, type of operating system and its version, model and manufacturer, screen size, screen density, orientation, battery, device memory usage.
- Information about the internet connection: mobile carrier, network provider, network type, Internet Protocol (“IP”) address, timestamp and duration of sessions, speed, browser.
- Location-related information: IP-address, the country code/region/state, city associated with your SIM card or your device, (Designated Market Area (DMA) in US), language settings, time zone.
- Device identifiers: Identify for Advertisers (IDFA).
- Information about the App. Its name, API key (identifier for the App), version, properties of our App can be reported for automated processing and analysis.
- Log file information. Log file information is automatically reported each time you make a request to access the App. It can also be provided when the App is installed on your device. When you use our App, analytics tools automatically record certain log file information, including time and date when you start and stop using the App, and how you interact with the App.
- Ad-related information. The following data might be reported about the ads you can view: the date and time a particular ad is served; a record if that ad was “clicked” or if it was shown as a “conversation” event; what ad offer is about; what type of ad it is (e.g., text, image, or video); which ad placement is involved (where the ad offer is displayed within the App); whether you respond to the ad.
- In-app events. When you use our App, analytics tools automatically record in-app information (tutorial steps, payments, in-app purchases, custom events).
Information provided automatically to advertising or analytics tools does not generally come to our control, therefore we cannot be responsible for processing such information. Please mind that some services are engaged in personal data profiling and may obtain information related to your personality and/or your device by using technologies that do not belong to our scope of responsibility. We do not control, supervise or stand surety for how the third parties process your personal data, that might be collected by their own means (not through our App). Any information request regarding the disclosure of your personal information should be directed to such third parties (see Section IV).
III. THE PURPOSES OF PROCESSING YOUR PERSONAL DATA
Our mission is to constantly improve our App and provide you with new experiences. As part of this mission, we use your information for the following purposes:
- To provide the App, maintain, improve, test and monitor the effectiveness of our App. We use information you provide to us directly and information that is processed automatically to provide and deliver the App to you as well as to better understand User behavior and trends, detect potential outages and technical issues, to support the existing functions of the App and to add new features and services to the App.
- To provide you with interest-based (behavioral) advertising or other targeted content. We may use information that is processed automatically for marketing purposes (to show ads that may be of interest to you based on your preferences). We provide personalized content and information to you, which can include online ads or other forms of marketing.
- To communicate with you. We may use information that is processed automatically to send you push notifications with technical notices, updates, security alerts, and support and administrative messages. Similarly, we use your contact information to respond to you when you contact us.
IV. INFORMATION SHARING AND DISCLOSURE
We will not rent or sell your personal data to any of the above-mentioned recipients, but we may share your information from tools like cookies, log files, and device identifiers and location data, with them.
We may also share some of the information that is processed automatically with advertising partners who distribute advertising in the App. This information allows third-party advertising networks, inter alia, to deliver targeted advertisements that are believed to be of most interest for you.
Please note that while integrating external tools and services we choose legal entities that can assure they apply all necessary technical and organizational measures to protect personal data. However, we cannot guarantee the security of any information transmitted from us to any such legal entity. We are not responsible for any accidental loss or unauthorized access to your personal data through a fault of such legal entities. These legal entities are separately responsible for their privacy policies and practices.
We do not control or influence the above-mentioned automatic data processing technologies or how they may be used. If you want to know more about the above-mentioned third-party service providers and their privacy options please see the correspondent websites and privacy policies. We are not responsible for any usage of your personal data by the abovementioned legal entities contrary to our instructions.
Please note that all third-party service providers as well as advertising partners that are engaged in processing user data are service providers that use such information on the basis of agreement and pursuant to business purpose.
A list of legal entities in this category of recipients mentioned above and links to their privacy policies can be found in the Appendix A below.
In addition to the above, we may disclose your personal information if needed for objective reasons, due to public interest or in other unforeseen circumstances:
– as required by law;
– when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request;
– if we are involved in a merger, acquisition, or sale of all or a portion of its assets, you will be notified via email and/or a prominent notice in our App of any change in ownership or uses of your personal information, as well as any choices you may have regarding your personal information.
It means that your personal information may also be disclosed to the following categories of recipients:
- Government and law enforcement officials, courts.
- Authorized Agents (for example, when you decide to designate an authorized agent to submit requests on your behalf).
- Affiliates. (for example, when corporate audit, analysis and consolidated reporting, or a compliance with applicable laws are needed).
Please, note that the App may include links to third-party websites/services, plug-ins and applications (for example, allowing Users to share certain content and information on social media platforms), or you may access the App from a third-party site. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites/services, plug-ins and applications, and are not responsible for the privacy practices or the content of these third-party websites/services, plug-ins and applications linked to or from our App, including the information or content contained within them. We encourage you to read the privacy notice of every website you visit/service, plug-in and application you use.
V. INTERNATIONAL DATA TRANSFERS
We work in the international space and provide our App to our Users around the world.
We and legal entity that provide automatic data processing technologies for the App or our third-party advertising partners may transfer the automatically processed information across borders and from your country or jurisdiction to other countries or jurisdictions around the world.
Please note that we may transfer information, including personal data, to a country and jurisdiction that does not have the same data protection laws as in your jurisdiction.
This means that your personal information can be transferred to a third country, a territory or one or more specified sectors within that third country, or to the international organization where data protection and confidentiality regulations may not provide the same level of protection of a personal data as your country does.
We try to make sure that the recipient of any personal data provides a proper protection of the personal data received, in accordance with the current legislation on the protection of such information. By using the App, you agree that we may transfer your personal data to any third country, a territory or one or more specified sectors within that third country, or to the international organization.
For the purposes of data storage, we recourse to the services of the hosting organizations. We take your privacy seriously and, therefore, encrypt your personal data – if possible – before sending it to the hosting organizations for the purposes of its storage. Please note that we cooperate only with those hosting organizations that have passed our security and reliability check.
VI. HOW LONG WE USE YOUR PERSONAL DATA
We generally retain your personal information for as long as is necessary for performing the functional service of the App and to comply with our legal obligations. If you no longer want us to use your information that we physically access and store, you can request that we erase your personal information.
However, some data may still be stored for a certain time period (but no longer than the storage purpose requires) if information is necessary to comply with legal obligation (taxation, accounting, audit) or in order to maintain safety and data backup settings, prevent fraud or other malicious acts.
The security of your personal information is important to us. We follow generally accepted industry standards to protect the personal information submitted to us, both during transmission and once we receive it.
We take reasonable and appropriate measures to protect personal information from loss, misuse and unauthorized access, disclosure, alteration and destruction, taking into account the risks involved in the processing and the nature of the personal information.
We implement appropriate technical and organizational measures, which are designed to implement data-protection principles, such as data minimization, in an effective manner and to integrate the necessary safeguards into the processing. We seek your personal data to be encrypted with proper and strong encryption algorithms, including hashing where possible.
Unfortunately, no method of transmission over the Internet, or method of electronic storage, is 100% secure. We do our best to protect your personal data, nevertheless, we cannot guarantee its absolute security. In the event that your personal information is compromised as a breach of security, we will promptly notify you in compliance with applicable law.
If you have any questions about the security of our App, you can contact us through the email displayed below.
VIII. CHILDREN’S PRIVACY
Our App and the services our App provides are not directed to children under the age of 16 (or older if required in an applicable jurisdiction to comply with applicable laws). Therefore, we do not knowingly collect or solicit any personal information from children under 16 (or older if required in an applicable jurisdiction to comply with applicable laws). No one under age 16 (or older if required in an applicable jurisdiction to comply with applicable laws) may provide any personal information to the App. If you are under 16 (or older if required in an applicable jurisdiction to comply with applicable laws), then DO NOT DOWNLOAD OR USE the App.
If we learn that we have collected personal information from a child under age 16 (or older if required in an applicable jurisdiction to comply with applicable laws), we will erase that information as quickly as possible. If you believe that we might have any information from or about a child under 16 (or older if required in an applicable jurisdiction to comply with applicable laws), please contact us.
IX. YOUR RIGHTS AND CHOICES
If you are a resident of the European Economic Area, your rights to access, edit and delete your information can be found in clause 9.1. of this section.
If you are a California resident, your rights to access, edit and delete can be found in clause 9.2. of this section.
If you are not a resident of the EEA or California, depending on your location, you may be able make requests to access, correct and/or delete certain personal information that you provide to us. For your protection, we may require proof and verification of identity and jurisdiction of residency before we can answer the above requests. If you wish to make such a request, you may contact us at email@example.com. If we change or delete your personal information or if you decline to actively share certain personal information with us, we may not be able to provide to you some of the features and functionality of the App. Once we have verified you, we will honor such requests at our discretion and in accordance with applicable law.
If you reside in the European Economic Area (“EEA”), then applicable privacy laws (in particular GDPR) give you certain rights regarding your personal data.
According to GDPR you have the following options in relation to your personal data that was collected:
- Data Access and Portability. You can request copies of your personal information.
- Change or Correct Data. You have the right to ask us to correct, change, update or rectify your data.
- Data Retention and Deletion. The User data is generally retained for as long as it is needed to provide you the App. However, specific retention times can vary based on context of the processing performed. You have the right to ask to delete all or some of the personal data that is held about you.
- Restriction of Processing. Under certain circumstances, you may have the right to limit the ways in which your personal information is used.
To exercise any of the rights described above, you can contact us through the [contact form]. Please bear in mind that we ensure the above-mentioned rights only with respect to the information that we physically access and store.
If you don’t want us to share device identifiers and geolocation data with service providers please check your device settings to opt out as described below >>
If you have questions on privacy issues contact us at: firstname.lastname@example.org.
9.2. Information for Residents of California: Your California Privacy Rights
The California Consumer Privacy Act of 2018 (CCPA) provides those who reside in the State of California with specific rights regarding their personal information. This section describes your CCPA rights and explains how to exercise those rights.
The CCPA provides consumers (California residents) with the following rights regarding their personal information:
- Right to Access. You have the right to request that we disclose, no more than twice in a twelve-month period, for any of the following for the period that is twelve months prior to the request date:
- The categories of personal information we have collected about you.
- The categories of sources for the personal information we have collected about you.
- The business or commercial purpose for our collecting or selling your personal information.
- The categories of third parties to whom we share your personal information.
- The specific pieces of personal information we have collected about you.
- Whether we have sold or disclosed your Personal Information for a business purpose, and if so, two separate lists disclosing:
- sales, identifying the categories of personal information that we have sold about you in the prior 12 months as well as the categories of third parties to whom we sold that personal information, by category or categories of personal information for each category of third parties to whom your personal information was sold; and
- disclosures for a business purpose, identifying the categories personal information that we have disclosed about you in the prior 12 months as well as the categories of third parties to whom we disclosed your personal information, by category or categories of personal information for each category of third parties to whom your personal information was disclosed.
Once we receive and confirm your verifiable consumer request, data outlined in this section above (Right to Access) will be disclosed to you.
- Deletion rights. You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions outlined in the CCPA. Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies.
- Right to Opt-Out (“Do Not Sell”). You have the right to tell us not to disclose or transfer your personal information to a third party in exchange for something of value. The CCPA refers to this as your right to say “Do Not Sell” my personal information.
We do not sell personal information, as noted herein. If we decide to sell personal information in the future, we will post an appropriate notice and opt-out method, and we will not sell any personal information previously collected.
However, if you don’t want us to process your personal information any more please contact us through the [contact form]. In most cases there is no way to maintain the App’s further operating without functional data therefore you will be advised to remove the App from your device.
If you don’t want us to share device identifiers and geolocation data with third-party service providers please check your device settings as described below >>
- Non-discrimination. You are entitled to exercise the rights described in this section free from discrimination. This means that we will not discriminate against you in a manner prohibited by the CCPA because you exercise your CCPA rights.
Unless permitted by the CCPA, we will not:
- Deny you goods or services.
- Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
- Provide you a different level or quality of goods or services.
- Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.
Now, when you aware of your California privacy rights, please note, the following:
- We are not in the business of selling information about you to anybody, which indicates that no personal information of yours has been sold ever.
How to Exercise Your California Privacy Rights
To request access to your personal information or request deletion, please submit a verifiable consumer request to us by either:
Consumers may exercise these rights via an authorized agent who meets the agency requirements of the CCPA. Only you or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child.
Please, include the wording “Consumer rights to maintain confidentiality in the state of California” in the text of your request.
Any request you submit to us is subject to an identification and residency verification process, so when submitting a verifiable request, you should be ready to:
- Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative, which may include: name, address, city, state, and zip code and email address. We may use this information to surface a series of security questions to you to verify your identity. If you are making a request through an authorized agent acting on your behalf, such authorized agent must provide written authorization confirming or a power of attorney, signed by you.
- Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
We will not be able to respond to your request or provide you with personal information if we cannot: (i) verify your identity or authority to make the request; or (ii) confirm the personal information relates to you. We may ask you for additional information or documents to verify your identity. We may also carry out checks, including with third party identity verification services, to verify your identity before taking any action with your personal information. This is regarded as a safeguard measure to prevent disclosure of your personal information under a fake or scum request.
We ensure that personal information provided in a verifiable consumer request will be used only to verify the requestor’s identity or authority to make the request and not for any other purpose. We will keep it for the adequate term reasonably needed for the purpose described above and delete after the purpose is fulfilled.
We try to respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time, we will inform you of the reason and extension period in writing. Please note that we are only required to respond to two requests per customer each year.
Opt-out of marketing tracking
If you don’t want third-party service providers to use data concerning you to personalize ads on the basis of your interests you should choose option “Limit Ad Tracking” on your iOS device in Settings/ Privacy/ Advertising, please find additional information here: https://support.apple.com/en-us/HT202074;
You can also opt-out of receiving targeted advertising in the App through participating members of the Digital Advertising Alliance. Visit https://youradchoices.com to know more. (Please, bear in mind that we have no control over this site and any decisions it provides).
Please mind when you opt out of certain interest-based advertising, you may still continue to receive contextual ads based on other non-personal information, such as ads related to the content of other digital products you are using.
Opt-out of Location Data Processing
If you don’t want third-party service providers to use your precise location data, or street-level location information about you, you should turn Location Services off for the applicable Product via the menu “Settings > Privacy > Location Services”. Then select the applicable App and set the “Share My Location” status to “Never”. Please see additional information here: https://support.apple.com/en-us/HT203033.
Also, as mentioned above, we may occasionally send you push notifications or alerts to inform you about certain offers, news and tips concerning the App even if our App is not currently open or in use. If you want to opt-out from receiving these types of communications, you can manage your push notification preferences or disable these notifications by turning off the notification settings in the settings of your mobile device any time. Bear in mind that if you do that, the App may lose full functionality or we will not be able to provide you any important notifications like privacy notices.
It should be noted that you can stop all information collection regarding your App usage by uninstalling the App using the standard uninstall process for your device. If you uninstall the App from your mobile device, some information concerning you may still be stored as described in Section VI above.
XII. HOW TO CONTACT US
Copyright © 2020 EXO SMART LP.
The following legal entities may be involved in the processing of your data (you can use hyperlinks below to learn more about how each of the entities handles your data):
Apple Inc. (US) provides cloud storage service.
Appodeal, Inc. (US) provides analytics and ad management services.
AppsFlyer UK LTD
AppsFlyer UK LTD (UK) provides analytics service.
Facebook Inc. (US) provides analytics service.
Google LLC (US) provides analytics service.
OneSignal Inc. (US) provides mobile push notification solutions.