Privacy Policy
Last Modified: 30 May 2024
Your privacy is important to us.
Pixocial Technology (Singapore) Pte. Ltd. and its affiliates (“we “us” or “our”) are dedicated to protecting the privacy of our users (“users” or “you”). This Privacy Policy (this “Policy”) is meant to explain our practices regarding how we collect, store, use, manage, and protect your user information (including your personal information) as a controller and/or business under applicable data protection laws during your use of the Doti application, including all its features (our “Services”).
Please note that the scope of this Policy is limited solely to your user information (including your personal information) collected or received by us when you are using our Services. In this Policy, “personal information” refers to any information or combination of information that can be used to identify, contact, or locate an individual to whom the collected information pertains. For the purpose of this Policy, the term “affiliates” shall mean any entity which directly or indirectly controls, is controlled by, or is under common control with Pixocial Technology (Singapore) Pte. Ltd. For the purpose of the foregoing, “control” shall mean the direct or indirect ownership of more than 50 percent of the outstanding voting securities or capital stock of such entity, or other comparable equity or ownership interest.
BY USING OUR SERVICES YOU ARE AGREEING TO THIS POLICY AND THE COLLECTION, USE, PROCESSING, RETENTION, DISCLOSURE, AND SHARING OF YOUR USER INFORMATION, INCLUDING YOUR PERSONAL INFORMATION, IN THE MANNER PROVIDED IN THIS POLICY. IF YOU DO NOT AGREE WITH ANY OF THE TERMS OF THIS POLICY OR ANY SUBSEQUENT CHANGES TO THIS POLICY, PLEASE DO NOT USE OUR SERVICES.
Please note that it is mandatory for you to provide certain categories of data (as specified at the time of collection). In the event that you do not provide any or sufficient data marked as mandatory, we may not be able to complete the registration process or provide you with our Services. Also, please note that unless we define a term in this Policy, all capitalized terms used in this Policy have the same meanings as in our Terms of Service. So please make sure that you have read and understand our Terms of Service.
If you have any questions regarding this Policy or any privacy-related matters, please contact our Data Protection Officer via email at [email protected] (please quote “Doti” in your email title) or via registered mail at Unit 8106B, Level 81, International Commerce Centre, 1 Austin Road West, Kowloon, Hong Kong (attention: Legal Department, Pixocial). Please note that for all other enquiries, feedback, suggestions, and/or complaints not related to privacy or intellectual property infringement (including but not limited to any cancellation of subscription, payment disputes, refund requests, and technical support of Doti), you should contact us via email at [email protected]. If your email is sent to an incorrect email address relating to an incorrect subject matter, it may lead to a potential delay or failure in processing your requests properly.
THE INFORMATION WE COLLECTIn order to provide and improve our Services, we will collect and process your personal information and user information in accordance with this Policy. If you do not provide this information, we may be unable to provide you with our products or Services. You should ensure that all personal information and user information submitted to us is complete, accurate, true, and correct. Failure on your part to do so may result in our inability to provide you with all or some of our Services.
Personal DataWe collect and store any personal data related to your App profile that you voluntarily provide to us when you register or continue to use the App:
- Nickname
- Email address
- Date of birthday
- Demographic location
- Time zone
- Photos uploaded
- Voice information
We offer users the option to make a connection with their Apple HealthKit. With users’ consent, we communicate with the HealthKit to share data. If you grant us access to HealthKit, it can add information to certain sections of HealthKit, i.e., adding the minutes of meditation that you were practicing. We also collect certain non-sensitive information through HealthKit. We do not use information gained through the HealthKit for advertising or similar services. You can at any time stop us from accessing your data in HealthKit by changing the settings.
Derived Data and Uploaded MediaData is automatically collected by our servers when you use the App, such as your native actions that are integral to the App, actions taken when you create records, edit records, and upload media to the App. For this reason, we may also request access to your device's photo or camera to upload your media to the App. All media uploaded in this way will be collected and stored on our servers. If you wish to change our access or permissions, you can do so in your device's settings.
Account InformationWhen you use our Services, we might recommend you sign up for an account with us to take full advantage of our Services and all their features. When you create an account, we will collect the following information that can be used to identify you or provide our Services to you:
- Mandatory: device ID
- Optional: username, gender, nickname, weight, height, date of birth, and location.
Anyone can access our Services, but there are certain services that require a subscription fee, such as accessing our premium content and enjoying advertisement privileges (“Subscription Service”). If you choose to make a purchase on our Subscription Service, we will collect certain personally identifiable information such as your device ID. A third-party app store or payment processor may receive access or use your financial information and billing address for the purpose of processing transactions and renewals. If you purchase content or sign up for Subscription Services through a third-party app store or a payment processor, you should refer to that third party’s terms for information on how it maintains and uses personal financial information for all purchases. For the avoidance of doubt, we will not collect any financial information from you.
Mobile Device InformationWhen you use our Services on your mobile device, we will collect information about your device, including its Identifier for Advertising (“IDFA”) and Identifier for Vendor (“IDFV”), the type of device you use, operating system version, a list of mobile applications installed on your device, and resolution, which will be used by us for statistical and/or analytical reasons, including without limitation to improve our technical functionality, server load-balancing, analysis of technical data relating to your mobile device so as to optimize our Services, and graphics adaptation.
As stated below in the “Location Information” section, we may collect your location-based information from your mobile device if you choose to share it with us. If you subsequently wish to stop sharing Location Information, you may do so at any time by editing the relevant setting on your mobile device.
Mobile AnalyticsWe use mobile analytics software to allow us to better understand and improve the functionality of our Services. Such software may record information such as how often you use the application, the events that occur within the application, aggregated usage, performance data, and where the application was downloaded from.
Network InformationWhen you use our Services, we will collect information about the network you use, including the name of the operator and the type of network, so as to understand the distribution of operators and networks used by our users. In addition, we will collect information such as the name of the WiFi network to which you connect, the location of the WiFi network, and the duration of your WiFi connection to understand the environment under which you prefer to use our Services.
Location InformationWe may collect your location-based information from your mobile device if you choose to share it with us.
- Mandatory: country code, network information, IP address, and system time zone
- Optional: latitude and longitude, network location, and system country.
This information will help us understand user distribution and usage scenarios and allow us to provide users with a more personalized experience, i.e., giving you suggestions on how certain places may be connected to your wellbeing. You can at any time stop the Doti App from accessing your exact location data by changing the settings. Unless we obtain your consent, location data WILL NOT BE ACQUIRED or USED to identify you individually. Except as otherwise provided in this Policy, we will not share this Location Information with any third parties. If you no longer wish to allow us to collect or use such information, you may turn off your Internet access or GPS or disable our access to information about your network, GPS, and device. Please note that we may still continue to receive some Location Information such as your Network Information, IP address, and system time zone as a result of you using our Services.
Log InformationWhen you use some of our Services, including generating and browsing certain content, we will automatically collect certain relevant log information stored in Doti (“Log Information”). Log Information may include (i) details on when and how often you use our Services, (ii) device statistics, including critical operation paths, errors, crashes, language, and time zone. This Log Information is used to improve our Services and is NOT USED to identify our users individually.
Access to Your Mobile DeviceWe may ask you to access or enable certain features from your mobile device, including reminders for your mobile device and other features. If you want to change our access or permissions, you can do so in your device settings.
CookiesWe use “cookies” that store and retrieve information on users’ usage from time to time to provide customized Services for each user. Cookies are small amounts of information that the server uses to operate the app/website sends to the user’s device and are also stored on the hard disk in the user’s device. You may refuse the installation of cookies. Information collected may include information about your Internet Protocol (IP) address, browser type, Internet Service Provider (ISP), referring and exit pages, your operating system, dates and timestamps, and clickstream data.
- Purpose of use of cookies: Cookies are used to provide information optimized for each user by identifying the visit to and use type of each service and website that the user has visited, popular search terms, secure access status, etc.
- Installation, operation, and refusal of cookies: A user may refuse the installation of cookies by sending an email to [email protected] (please quote “Doti” in your email title).
- If a user refuses to store cookies, he or she may experience difficulties in using customized Services.
We and our third-party service providers may include advertisements within our Services, and with your consent, we may collect and use information about you, such as your Advertising ID, geographic location, and IP address, for the purpose of delivering and tracking these advertisements. If your device does not have an Advertising ID, we may use other persistent identifiers. We may also access your App list and collect the application package names of the applications installed on your device. We use the above information to help us better count, track, and provide advertisements based on suitability, language, geographic location, and other details. If you wish to opt out of interest-based advertising, you may opt out by sending an email to [email protected]. Please note you will continue to receive generic ads after you opt out of interest-based advertising.
Information Collected by Third-Party ServicesOur Services provided to you may contain our service provider’s Application Programming Interfaces (APIs) or Software Development Kits (SDKs), which may have tracking tools of such service providers. These third parties may use cookies, APIs, and SDKs on our Services and collect and analyze user information. In addition, some third-party SDKs may allow advertisers to collect information in order to provide content that is more relevant to you. Third parties may access your information, such as your device identifiers, region (defined as the location where a given language is used), location information, and IP address under their respective privacy policies. If you want to know more about such third parties, you may send an email to [email protected] (please quote “Doti” in your email title).
Push NotificationsWe may ask you to send us notifications relating to your account or App. To opt out of receiving these types of communications, you can turn them off in your device settings.
Survey DataPersonal and other information you may provide when responding to surveys.
Information That You Proactively Provide to UsWhen you contact us (including but not limited to our customer support team and Data Protection Officer), we collect the data you provide to us, for example, your contact details (e.g., email address and/or telephone number).
Other InformationWe may also collect other information which is not related to your identity. For example, we may collect information on the type and version number of your operating system to better understand system upgrades; we may collect information on your system language for the purpose of language adaptation; and we may collect your App list to understand user preferences. If we choose to collect such information, we will do so for the purpose of improving our Services provided to you.
HOW WE USE INFORMATIONIn addition to the uses listed above, we collect and use your user information and/or personal information for the following purposes:
- Services. To provide, process, maintain, improve, and develop our Services provided to you, including customer support and other services provided through our products.
- Statistical Analysis. To develop and analyze statistics on the use of our products and Services for the purpose of improving our products and our Services.
- To Create an Account. The personal information that we collect when you use our Services to create an account will be used by us to create your account and profile.
- To Provide Location-Based Services. When you use our Services, we or third-party service providers may take advantage of your location information to provide you with advertising, the correct version of our Services, and help you gain a good user experience.
- To Improve User Experience. Certain optional features, such as user experience programs, allow us to analyze data regarding the use of our products and our Services and improve user experience.
- To Provide Push Services. Device information may be used by us to provide push services to assess the performance of adverts and the success of software updates or provide notifications on new product releases.
- To Collect Feedback from You. Your feedback is of great value in helping us to improve our Services. We may collect your email address to contact you and retain the records.
- Other Purposes. We will collect, store, maintain, and use information about you for purposes under the “The Information We Collect” and for purposes of running our operations, pursuing our legitimate interests (e.g., research (including marketing research), network and information security, and fraud prevention), and satisfying our legal obligations.
We may share your information with third parties who provide services on our behalf to help with our business activities. These services may include:
- Providing you with advertising;
- Payment processing;
- Providing customer services;
- Fulfilling subscription services;
- Conducting research and analysis; and
- Providing cloud computing infrastructure.
We will not share with or disclose to third parties (other than our service providers) your personal information in whole or in part except for the purposes of:
- Protecting the security of others or their property;
- Preventing or dealing with fraud;
- Safeguarding our legitimate rights and interests;
- Taking action in line with our purposes as described in the “The Information We Collect” or the “How We Use Information” sections;
- Complying with laws, rules, and regulations or requests by government departments, judicial authorities, law enforcement, or private parties which are typically designed to uphold Internet security and the rights, property, and safety of us, our users, and third parties; and/or
- Evaluating or completing a transaction where we are involved in a merger, acquisition, financing, due diligence, reorganization, bankruptcy, receivership, sale of company assets, or other event where your information may be sold or transferred.
We will only collect and process personal information where we have lawful bases, and we typically rely on one of the following four legal bases:
- Consent (where you have given consent);
- Contract (where processing is necessary for the performance of a contract with you, for example, to operate the site or deliver any services you have requested);
- Legitimate Interests (for example, we need to use your information to provide and improve our Services, including protecting your account, providing customer support). We rely on our legitimate interests as our lawful basis only where those interests are not overridden by the impact on you (unless we have your consent or our processing is otherwise required or permitted by law); and
- Legal Obligations (to comply with the laws, rules, and regulations or requests by government departments, judicial authorities, or law enforcement).
If you have questions about the lawful bases on how we process your personal information, please contact us at [email protected] (please quote “Doti” in your email title).
THIRD-PARTY WEBSITES AND SERVICESOur Services may contain links to other websites and services. In addition, other websites and services may reference or link to our Services. These other domains and websites are not controlled by us, and we do not endorse or make any representations about third-party websites or services. We encourage our users to read the privacy policies of each and every website and service with which they interact. Visiting these other websites or services is at your own risk.
INFORMATION SECURITYWe will take reasonable measures to prevent the loss, improper use of, unauthorized access to, or disclosure of information. For example, some of our Services will use encryption techniques (such as SSL) to protect your personal information. However, you understand and accept that (in the Internet industry) even though we take reasonable security measures, we cannot always guarantee that your information is 100% secure. You understand and accept that we cannot ensure or warrant the security of any information you provide to us. We do not accept liability for unintentional disclosure. Further, you understand and accept that the system and communication network used by you to access our Services may fail due to factors beyond our control.
INFORMATION ACCESS AND CONTROLWe will take all reasonable and appropriate technical measures to ensure that you can access, update, and correct your personal information or other personal information provided to us by you when using our Services. Before you access, update, correct, or remove such personal information, we may verify your identity in order to protect the security of your account.
DATA RETENTIONSubject to applicable laws, rules, and regulations and the fulfillment of our business or legal purposes, we will delete your information (including your personal information) promptly upon your termination of your account with us.
PRIVACY RIGHTSIn accordance with applicable law, you may have the right to: (i) request confirmation of whether we are processing your personal information; (ii) obtain access to or a copy of your personal information; (iii) receive an electronic copy of personal information that you have provided to us or ask us to send that information to another company (“right to data portability”); (iv) object to or restrict our uses of your personal information; (v) seek correction or amendment of inaccurate, untrue, incomplete, or improperly processed personal information; (vi) withdraw your consent; and (vii) request erasure of personal information held about you by us, subject to certain exceptions prescribed by law.
If you wish to exercise your rights, you may send an email to [email protected] (please quote “Doti” in your email title) or mail your request to Unit 8106B, Level 81, International Commerce Centre, 1 Austin Road West, Kowloon, Hong Kong (attention: Legal Department, Pixocial). We will process your request in line with applicable laws within a reasonable period of time after receiving your email or mail and will cease collecting, using, and disclosing your personal information thereafter, subject to certain exceptions prescribed by law. To protect your privacy, we will take steps to verify your identity before fulfilling your request. Please note that if you withdraw your consent or delete your personal information, your use of some of our Services may be affected.
California residents have the right not to receive discriminatory treatment by us for the exercise of their rights conferred by the California Consumer Privacy Act.
INFORMATION ABOUT CHILDRENWe will not knowingly collect or request personal information from children under 16 (or any other age stipulated by law applicable to your region). If you are under such age, please do not send your personal information to us, including but not limited to your name, address, phone number, or email address. If you believe we may have any information about children under 16 (or any other age stipulated by law applicable to your region), you may send an email to [email protected] (please quote “Doti” in your email title) or send a registered mail to Unit 8106B, Level 81, International Commerce Centre, 1 Austin Road West, Kowloon, Hong Kong (attention: Legal Department, Pixocial). If we learn that we have collected personal information from children under 16 (or any other age stipulated by law applicable to your region), we will promptly take steps to delete such information and terminate the associated account.
CROSS-BORDER DATA TRANSFERSDepending on the jurisdiction in which you are a user of and subject to the special rules and policies of such jurisdiction as stated in this Policy, you understand and agree that all information collected via or by us may be transferred, processed, and stored anywhere in the world, including but not limited to the People’s Republic of China, the Hong Kong Special Administrative Region of the People’s Republic of China (“Hong Kong”), Japan, South Korea, Singapore, the United States, the European Union, in the cloud, on our servers, on the servers of our affiliates, or the servers of our service providers in order to provide our Services.
AI LANGUAGE MODEL DISCLAIMERIn the Doti app, you can engage in conversations with an AI language model to help you achieve personal growth. Artificial intelligence and machine learning are rapidly developing fields of research, and we are continuously striving to improve this service, making it more accurate, reliable, secure, and trustworthy. However, due to the technical characteristics, even with reasonable efforts, we cannot fully guarantee the legality, authenticity, accuracy, or completeness of the outputs obtained through this service. You should exercise your own judgment on the outputs of the service and assume all risks associated with using the content. We remind you that except where expressly provided by law, we cannot and will not be held liable for any losses or damages resulting from these risks.
The outputs of this service do not represent professional advice and cannot replace specialist consultations in areas such as legal, medical, emotional, etc., provided by professionals in those fields. The viewpoints are limited to the algorithm's access to limited data and are presented for your reference only; they do not represent Doti's position. Due to the nature of machine learning, the same input may yield different outputs, so please discern carefully. Any judgments you make based on the content of the outputs, any subsequent actions taken, and the consequences and responsibilities arising therefrom are solely your responsibility. Please use this service rationally and legally.
GOVERNING LAWThis Policy is established, comes into force, and will be enforced and interpreted under the laws of Hong Kong without regard to its conflict of law provisions. Any disputes arising hereunder will also be resolved in accordance with the Terms of Service. We do not represent or warrant that this Policy complies with the privacy law of any jurisdiction. Therefore, you should not interpret this Policy in accordance with such law.
AMENDMENTS TO THIS POLICYYou agree that we may update this Policy according to relevant laws and regulations or based on our business decisions, and you agree to be bound by any such revisions hereto. We will post any significant changes to this Policy on Doti or notify you by other means as required by law.
FOR USERS IN THE EUROPEAN ECONOMIC AREA AND THE UNITED KINGDOMFor cases in which we process personal information within the scope of the European General Data Protection Regulation and the UK General Data Protection Regulation (collectively “GDPR”), you will find the relevant details on the processing of your personal information in the GDPR Notice below.
FOR USERS IN JAPANRight to Data Disclosure, Correction, Erasure, or Suspension of UseIf you are in Japan, as a data subject, you have the right to request the disclosure, correction, erasure, or suspension of use of your personal information, and we are obliged to meet your request without undue delay. You may send your request by email to [email protected] (please quote “Doti” in your email title) or by mail to Unit 8106B, Level 81, International Commerce Centre, 1 Austin Road West, Kowloon, Hong Kong (attention: Legal Department, Pixocial).
FOR USERS IN SOUTH KOREAInternational Data TransfersWe process the personal information of users only within the scope specified under "HOW WE USE INFORMATION" and, in principle, will not provide personal information of users to a third party. However, with your consent, for purposes of providing our Services described under "INFORMATION SHARING AND DISCLOSURE" to you, we may collect your personal information from, transfer it to, and store and process it elsewhere.
- Personal information transferred: please refer to the section “The Information We Collect” of this Policy above
- Transfer date and method: transferred on submission for storage and processing
- Country to which personal information is transferred: Singapore
- Retention of personal information: please refer to the section “Data Retention” of this Policy above
Also, we may transfer your personal information to the following third parties located outside of South Korea:
Name of the person providing personal information | Purpose of the use of personal information | Particulars of personal information to be collected | Period for retaining and using personal information |
---|---|---|---|
Apple Inc. https://www.apple.com/legal/privacy/en-ww/ | To improve product experience and subscription service | IDFA, IP, User's UID, location | For such period as stated in the privacy policy of the relevant third-party platform |
Google LLC https://policies.google.com/privacy?hl=en-US | To improve product experience and provide AI Features | Attribution fields | For such period as stated in the privacy policy of the relevant third-party platform |
OpenAI OpCo LLC https://openai.com/policies/privacy-policy/ | To improve product experience and provide AI Features | Attribution fields | For such period as stated in the privacy policy of the relevant third-party platform |
Dify.AI. LangGenius Inc. https://dify.ai/privacy | To improve product experience and provide AI Features | Attribution fields | For such period as stated in the privacy policy of the relevant third-party platform |
Firebase https://firebase.google.com/support/privacy | Improvement of our Services by analyzing problems encountered by users | user_id, origin_order_id, subscription token, idfa, idfv, g_uuid, IP address, mac_addr, imei, advertising_id, attribution fields | For such period as stated in the privacy policy of the relevant third-party platform |
Adjust GmbH https://www.adjust.com/terms/general-terms-and-conditions | Attribution Services | IDFA, IDFV, GAID, Android ID, FAI, IMEI, OAID, attribution fields | For such period as stated in the privacy policy of the relevant third-party platform |
Whenever we share information outside of where you live, we ensure that the transfer complies with your local law so that your personal information is adequately protected.
If you do not wish to have your personal information transferred outside of South Korea, we will be unable to provide you with our products or Services.
Also, we may receive your personal information from the following third parties:
Name of the person providing personal information | Purpose of the use of personal information | Particulars of personal information to be collected | Period for retaining and using personal information |
---|---|---|---|
Apple Inc. https://www.apple.com/legal/privacy/en-ww/ | Provision of account services | IDFA, IP, User’s UID, Location | As stated in the “Data Retention” section above |
Adjust GmbH https://www.adjust.com/terms/general-terms-and-conditions | Attribution Services | Approximate location, email address, purchase history, app interactions, and other actions | For such period as stated in the privacy policy of the relevant third-party platform |
Subject to applicable laws, rules, and regulations and the fulfillment of our business or legal purposes, we will delete your information (including your personal information) promptly upon your termination of your account with us. We will destroy your personal information according to the following procedures and methods.
- Procedures for Destruction: We select personal information subject to destruction and destroy them with the approval of our data protection officer.
- Method of Destruction: We will destroy personal information stored and filed electronically in a way that can be deleted by using a means that renders the record irrecoverable as far as possible.
Department in Charge of Protecting Personal Information and Handling Complaints:
Pixocial Technology (Singapore) Pte. Ltd.
Attn: Arthur Law
Head of Legal Department
Unit 8106B, Level 81, International Commerce Centre
1 Austin Road West, Kowloon, Hong Kong
Email: [email protected] (please quote “Doti” in your email title)
N/A
FOR USERS IN THE UNITED STATES OF AMERICAPixocial and its affiliates may use such information as your age, race, gender, exercising data, and data relating to sleep to provide and improve the Service and for our internal research purposes. If your biometric information is subject to the Illinois Biometric Information Privacy Act, we will delete your biometric information within three years of your last interaction with the Service.
In accordance with applicable law, you may have the right to:
- Confirm whether or not we are processing your personal information;
- Obtain access to or a copy of your personal information with accompanying details;
- Receive an electronic copy of personal information that you have provided to us or ask us to send that information to another company (i.e., right of data portability);
- Correct your personal information;
- Request to opt-out of certain processing activities, including as applicable if we process your personal information for “targeted advertising” (as “targeted advertising” is defined by applicable privacy laws), if we “sell” your personal information (as “sell” is defined by applicable privacy laws), or if we engage in profiling in furtherance of certain decisions that produce legal or similarly significant effects concerning you;
- Request erasure of personal information held about you by us; and
- Appeal our decision to decline to process your request.
If you would like to exercise any of your rights under the applicable privacy laws, please contact our Data Protection Officer via email at [email protected] (please quote “Doti” in your email title) or via registered mail at Unit 8106B, Level 81, International Commerce Centre, 1 Austin Road West, Kowloon, Hong Kong (attention: Legal Department, Pixocial). We will process such requests in accordance with applicable laws. If you are a Virginia resident and would like to appeal our decision with respect to your request, you may do so by informing us of this and providing us with information supporting your appeal.
The following paragraphs only apply to our processing of your personal information that is subject to the California Consumer Privacy Act (as amended from time to time) (“CCPA”).
The CCPA provides California residents with the right to know what categories of personal information we have collected about them and whether we disclosed that personal information for a business purpose (e.g., to a service provider) in the preceding twelve months. California residents can find this information below:
Category of Personal Information Collected | Category of Third Parties to Whom Personal Information is Disclosed to for a Business Purpose |
---|---|
Identifiers |
|
Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)) |
|
Protected classification characteristics under California or federal law |
|
Commercial information |
|
Biometric information |
|
Internet or other electronic network activity |
|
Geolocation data | |
Sensory data |
|
Professional or employment-related information | N/A |
Non-public education information (per the Family Education Rights and Privacy Act (20 U.S.C. Sec. 1232g, 34 C.F.R. Part 99)) | N/A |
Inferences drawn from other personal information to create a profile about a consumer |
|
Personal information that reveals a consumer’s social security, driver’s license, state identification card, or passport number | N/A |
Personal information that reveals a consumer’s account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account | N/A |
Personal information that reveals a consumer’s precise geolocation | N/A |
Personal information that reveals a consumer’s racial or ethnic origin, religious or philosophical beliefs, or union membership | N/A |
Personal information that reveals the contents of a consumer’s mail, email, and text messages unless Doti is the intended recipient of the communication |
|
Personal information that reveals a consumer’s genetic data | N/A |
Biometric information that is processed for the purpose of uniquely identifying a consumer | N/A |
Personal information collected and analyzed concerning a consumer’s health |
|
Personal information collected and analyzed concerning a consumer’s sex life or sexual orientation | N/A |
The categories of sources from which we collect Personal Information and our business and commercial purposes for using and disclosing Personal Information are set forth in “The Information We Collect”, “How We Use Information”, and “Information Sharing and Disclosure” above respectively. We will retain personal information in accordance with the time periods set forth in “Data Retention” above.
In the preceding twelve months, we have not “sold” any personal information (as defined by the CCPA), nor do we have actual knowledge of any “sale” of personal information of minors under 16 years of age.
In the preceding twelve months, we have not “shared” any personal information for “cross-context behavioral advertising” (as such terms are defined in the CCPA), nor do we have actual knowledge of any “sharing” of personal information of minors under 16 years of age for “cross-context behavioral advertising”.
We only use and disclose sensitive personal information for the following purposes:
- To provide the Services.
- To prevent, detect, and investigate security incidents that compromise the availability, authenticity, integrity, and/or confidentiality of stored or transmitted personal information.
- To resist malicious, deceptive, fraudulent, or illegal actions directed at us and to prosecute those responsible for those actions.
- To ensure the physical safety of natural persons.
- To verify or maintain the quality or safety of our products, Services, or devices, and to improve, upgrade, or enhance our Services or devices.
- For purposes that do not infer characteristics about individuals.
California residents have the right not to receive discriminatory treatment by us for the exercise of their rights conferred by the CCPA.
To protect your privacy, we will take steps to reasonably verify your identity before fulfilling requests submitted under the CCPA. These steps may involve asking you to provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative. Examples of our verification process may include asking you to provide the email address or phone number we have associated with you and providing a verification code that is sent to your email address or phone number.
Only you or someone legally authorized to act on your behalf may make a verifiable consumer request related to your personal information. To authorize an agent, provide written authorization signed by you and your designated agent and contact us using the information in “Privacy Rights” above for additional instructions.
We do not “sell” personal information or “share” personal information for “cross-context behavioral advertising”, so we do not respond to opt-out preference signals.
If you are a Nevada resident, we do not “sell” your personal information.
If you are in Brazil, the legal basis for processing your personal information that we may rely on are:
- Consent (where you have given consent);
- Contract (where processing is necessary for the performance of a contract with you, for example, to operate the site or deliver any services you have requested);
- Legal Obligations (to comply with the laws, rules, and regulations or requests by government departments, judicial authorities, or law enforcement); and
- To Prevent Fraud and for the Purpose of Protect Credit.
If you have questions about the lawful bases on how we process your personal information, please contact us at [email protected] (please quote “Doti” in your email title).
Right to Data Disclosure, Correction, Erasure, or Suspension of Use, Portability, and to Withdraw ConsentIf you are in Brazil, as a data subject, you have the right to request the disclosure, correction, erasure, suspension of use, or portability of your personal data, as well as the rights to withdraw consent and to be informed about the potential negative consequences of such withdrawal and to be informed about public and private entities with which we have shared your personal data, and we are obliged to meet your request without undue delay. You may send your request by email to [email protected] (please quote “Doti” in your email title) or by mail to Unit 8106B, Level 81, International Commerce Centre, 1 Austin Road West, Kowloon, Hong Kong (attention: Legal Department, Pixocial).
Sensitive Personal InformationIf you are in Brazil, you understand and agree that in order to be able to render our Services to you, we may collect sensitive personal information, such as gender, age, race of the characters, exercising data, data relating to sleep, etc.
RepresentativeIf you are in Brazil, you can contact our Data Protection Officer via email at [email protected] (please quote “Doti” in your email title) or mail to Unit 8106B, Level 81, International Commerce Centre, 1 Austin Road West, Kowloon, Hong Kong (attention: Legal Department, Pixocial).
International Data TransfersTo provide our Services to you, we may collect your personal information from, transfer it to, and store and process it elsewhere.
- Personal information transferred: please refer to the section “The Information We Collect” of this Policy above
- Transfer date and method: transferred on submission for storage and processing
- Country to which personal information is transferred: Singapore
- Retention of personal information: please refer to the section “Data Retention” of this Policy above
Whenever we share information outside of where you live, we ensure that the transfer complies with your local law so that your personal information is adequately protected.
Data RetentionSubject to applicable laws, rules, and regulations and the fulfillment of our business or legal purposes, we will retain your information (including your personal information) for such period as is required for us to continue to provide you with our Services, as well as during the limitations statutes set forth in the Brazilian Civil Core, LGPD, Brazilian Civil Rights Framework for the Internet, and Brazilian Consumer Protection Code.
We will destroy your personal information without delay when your personal information becomes unnecessary. When we destroy your personal information, we will take commercially reasonable and technically feasible measures to ensure the personal information is permanently deleted.
After the termination of Services, we may retain your personal information to comply with legal or regulatory obligations, transfer to third parties provided that the requirements for data processing as provided in LGPD are obeyed, and for our exclusive use, provided the information will be anonymized.
Choice of LawIf you are a resident in Brazil, this Policy will be enforced and interpreted under the laws of Brazil.
GDPR NOTICEIn the context of the provision of the Services, we process personal data.
If the GDPR applies to our processing of your personal data, we process personal data only in accordance with the GDPR. In our above (general) Privacy Policy, you find information on when the GDPR applies to our processing of personal data. This GDPR Notice supplements the above (general) Privacy Policy and includes detailed information on our processing of your personal data under the GDPR.
- Information on the Controller
- Identity and Contact Details of the Controller
Pixocial Technology (Singapore) Pte. Ltd.
Unit 8106B, Level 81, International Commerce Centre
1 Austin Road West, Kowloon, Hong Kong
[email protected] - Identity and Contact Details of the Controller’s Representatives
The European Union
Rivacy GmbH
Mexikoring 33
22297 Hamburg
[email protected]The United Kingdom
Rivacy Limited
87, Warriner Gardens, Unit G1/G2,
London SW11 4DX,
United Kingdom - Contact Details of the Controller’s Data Protection Officer
Pixocial Technology (Singapore) Pte. Ltd.
Legal Department
Unit 8106B, Level 81, International Commerce Centre
1 Austin Road West, Kowloon, Hong Kong
[email protected]
- Identity and Contact Details of the Controller
- Information on the Processing of Personal Data
- Details on the Personal Data Which Are Processed
Categories of Personal Data Processed Personal Data Included in the Categories Sources of the Data Obligation of the Data Subject to Provide the Data Storage Duration Protocol Data Protocol data which accrue when using the Services to provide content from the server of our applications. This includes IP address, type and version of the mobile operating system used, the content accessed, the content previously accessed, date and time of access. User of the Services The provision of the data is not a statutory or contractual requirement or a requirement necessary to enter into a contract. There is no obligation of the data subject to provide the data. The data you provide will remain stored in your account for as long as your account exists until you delete it yourself. You can delete your account at any time. Registration Data Name, username, gender, date of birth, mobile phone number, location. User of the Services The provision of the information marked as mandatory during the registration process is a requirement necessary to enter into a contract. There is no obligation of the data subject to provide the data. The data you provide will remain stored in your account for as long as your account exists until you delete it yourself. You can delete your account at any time. Subscription Data Information on current and/or past subscriptions. User of the Services The provision of the information marked as mandatory during the registration process is a requirement necessary to enter into a subscription contract. The provision of other data is not a statutory or contractual requirement or a requirement necessary to enter into a contract. There is no obligation of the data subject to provide the data. The data you provide will remain stored in your account for as long as your account exists until you delete it yourself. You can delete your account at any time. Mobile Device Data Information about your mobile device including its International Mobile Equipment Identity (IMEI), Unique Device Identifier (UDID) or Android ID, Universally Unique Identifier (GUUID), User ID (UID), Identifier for Advertising (IDFA) and Identifier for Vendor (IDFV), Open Anonymous Device Identifier (OAID), Integrated Circuit Card Identifier (ICCID), Media Access Control (MAC) address, Google Advertising ID (GAID), the type of device you use, operating system version, a list of mobile applications installed on your device, and resolution. User of the Services The provision of the data is not a statutory or contractual requirement or a requirement necessary to enter into a contract. There is no obligation of the data subject to provide the data. The data you provide will remain stored in your account for as long as your account exists until you delete it yourself. You can delete your account at any time. Mobile Analytics Data Information to better understand and improve the functionality of our Services. These include information such as how often you use the application, the events that occur within the application, aggregated usage, performance data, and where the application was downloaded from. User of the Services The provision of the data is not a statutory or contractual requirement or a requirement necessary to enter into a contract. There is no obligation of the data subject to provide the data. The data you provide will remain stored in your account for as long as your account exists until you delete it yourself. You can delete your account at any time. Network Data Name of the operator and the type of network, name of the WiFi network to which you connect, the location of the WiFi network, and the duration of your WiFi connection. User of the Services The provision of the data is not a statutory or contractual requirement or a requirement necessary to enter into a contract. There is no obligation of the data subject to provide the data. The data you provide will remain stored in your account for as long as your account exists until you delete it yourself. You can delete your account at any time. Location Data Country code, latitude and longitude, network location, IP address, and the system country and system time zone recorded on your device. User of the Services The provision of the data is not a statutory or contractual requirement or a requirement necessary to enter into a contract. There is no obligation of the data subject to provide the data. The data you provide will remain stored in your account for as long as your account exists until you delete it yourself. You can delete your account at any time. Log Data Log Information may include (i) details on when and how often you use our Services, (ii) device statistics including critical operation paths, errors, crashes, language, and time zone. User of the Services The provision of the data is not a statutory or contractual requirement or a requirement necessary to enter into a contract. There is no obligation of the data subject to provide the data. The data you provide will remain stored in your account for as long as your account exists until you delete it yourself. You can delete your account at any time. Image Data Photo/video of the data subject User of the Services The provision of the data is not a statutory or contractual requirement or a requirement necessary to enter into a contract. There is no obligation of the data subject to provide the data. If the data is not provided you cannot make full use of the Services. The data are stored in server log files for a maximum period of 21 days. Voice Data Voice of data subject. User of the Services The provision of the data is not a statutory or contractual requirement or a requirement necessary to enter into a contract. There is no obligation of the data subject to provide the data. If the data is not provided you cannot make full use of the Services. The data are stored in server log files for a maximum period of 21 days. Meta Data Information which describes the analysis results of facial features, gender, age of the characters in photos, and other elements contained in photos. User of the Services The provision of the data is not a statutory or contractual requirement or a requirement necessary to enter into a contract. There is no obligation of the data subject to provide the data. If the data is not provided you cannot make full use of the Services. The data you provide will remain stored in your account for as long as your account exists until you delete it yourself. You can delete your account at any time. Cookie Data Data subject’s Internet Protocol (IP) address, browser type, Internet Service Provider (ISP), referring and exit pages, operating system, dates and timestamps, clickstream data. To the extent such personal data is stored in cookies, you can find more detailed information in Section III below. User of the Services The provision of the data is not a statutory or contractual requirement or a requirement necessary to enter into a contract. There is no obligation of the data subject to provide the data. If the data is not provided you cannot make full use of the Services. The data will be erased when the user logs out from their account. The cookie will be replaced when the token is expired (after 30 days). Advertisement Data Advertising ID (including IDFV, IDFA), geographic location, and IP address. User of the Services The provision of the data is not a statutory or contractual requirement or a requirement necessary to enter into a contract. There is no obligation of the data subject to provide the data. If you do not provide this data we are not able to provide you with interest-based advertising. The data you provide will remain stored in your account for as long as your account exists until you delete it yourself. You can delete your account at any time. Third Party Tracking Data Device identifiers, region (defined as the location where a given language is used), location information, IP address. To the extent such personal data is stored in cookies, you can find more detailed information in Section III below. User of the Services The provision of the data is not a statutory or contractual requirement or a requirement necessary to enter into a contract. There is no obligation of the data subject to provide the data. The data you provide will remain stored in your account for as long as your account exists until you delete it yourself. You can delete your account at any time. - Details on the Processing of the Personal Data
Purpose of Processing the Personal Data Categories of Personal Data Processed Automated Decision-Making Legal Basis and Where Applicable Legitimate Interests Recipient Provision of the Services Protocol Data, Registration Data, Subscription Data, Network Data, Location Data, Image Data, Voice Data, Meta Data, Face Recognition Data No automated decision-making takes place. For processing activities relating to the app user: Art. 6 (1) (b) GDPR (performance of a contract to which the data subject is party or taking steps at the request of the data subject prior to entering into a contract). For processing of Location Data: Art. 6 (1) (a) GDPR (consent). For processing activities relating to data subjects different from the device owner: Art. 6 (1) (f) GDPR (pursuing legitimate interests under balancing of interests). Our legitimate interest is the provision of our services Other Pixocial Affiliates, Apple Inc., Google LLC, Meta Platform Inc., Tencent Holdings Ltd, Adjust GmbH Statistical Analysis (develop and analyze statistics on the use of our products and Services for the purpose of improving our products and Services) Protocol Data, Mobile Device Data, Mobile Analytics Data, Network Data, Location Data, Log Data, Cookie Data No automated decision-making takes place. Art. 6 (1) (a) GDPR (consent) Other Pixocial Affiliates, Apple Inc., Google LLC, Meta Platform Inc., Tencent Holdings Ltd, Adjust GmbH Creating an Account Protocol Data, Registration Data, Subscription Data, Location Data No automated decision-making takes place. Art. 6 (1) (f) GDPR (pursuing legitimate interests under balancing of interests). Our legitimate interest is the provision of the content of our applications requested by the user. Other Pixocial Affiliates, Apple Inc., Google LLC Providing Location-Based Services (for providing user with advertising, the correct version of our Services and help user gaining good user experience) Protocol Data, Location Data No automated decision-making takes place. Art. 6 (1) (a) GDPR (consent) Other Pixocial Affiliates, Apple Inc., Google LLC, Adjust GmbH Improving User Experience (optional features such as user experience programs allow us to analyze data regarding the use of our products and our Services and improve user experience) Protocol Data, Mobile Device Data, Mobile Analytics Data, Network Data, Location Data, Log Data, Image Data, Meta Data, Cookie Data, Third Party Tracking Data No automated decision-making takes place. Art. 6 (1) (a) GDPR (consent) Other Pixocial Affiliates, Apple Inc., Adjust GmbH Providing Push Services (for assessing the performance of adverts and the success of software updates or providing notifications on new product releases) Protocol Data, Mobile Device Data, Advertisement Data No automated decision-making takes place. Art. 6 (1) (a) GDPR (consent) Other Pixocial Affiliates, Apple Inc., Adjust GmbH Verifying User’s Identity Protocol Data, Registration Data No automated decision-making takes place. Art. 6 (1) (f) GDPR (pursuing legitimate interests under balancing of interests). In this case, our legitimate interest is verifying your identity to be able to provide the Services to you. Other Pixocial Affiliates, Apple Inc. Collecting Feedback from User (to help us improve our Services) Protocol Data, Registration Data No automated decision-making takes place. Art. 6 (1) (a) GDPR (consent) Other Pixocial Affiliates, Apple Inc., Adjust GmbH Complying with any applicable rules, laws, and regulations, codes of practice, or guidelines or to assist in law enforcement and investigations by relevant authorities Protocol Data, Registration Data, Subscription Data No automated decision-making takes place. Art. 6 (1) (c) GDPR (necessary for compliance with a legal obligation to which the controller is subject) Public authorities, Other Pixocial Affiliates Maintaining the Safe and Stable Operation of the Services (such as identifying or dealing with any failure of the Services) Protocol Data, Network Data, Log Data No automated decision-making takes place. Art. 6 (1) (f) GDPR (pursuing legitimate interests under balancing of interests). Our legitimate interest is ensuring the safe and stable operation of the IT infrastructure used for the provision of the Services. Other Pixocial Affiliates Protecting the Security of Your Account, Network Operation, and System and to Prevent Phishing, Website Fraud, and Trojan Horse Viruses Protocol Data, Network Data, Log Data No automated decision-making takes place. Art. 6 (1) (f) GDPR (pursuing legitimate interests under balancing of interests). Our legitimate interest is ensuring the security of the IT infrastructure used for the provision of our websites, in particular for the detection, elimination, and conclusive documentation of incidents (e.g., DDoS attacks). Other Pixocial Affiliates Processing of Requests (customer service) Protocol Data, Registration Data, Subscription Data No automated decision-making takes place. If your request concerns a contract to which you are party or the performance of pre-contractual measures: Art. 6 (1) (b) GDPR (performance of a contract to which the data subject is party or taking steps at the request of the data subject prior to entering into a contract). Otherwise: Art. 6 (1) (f) GDPR (pursuing legitimate interests under balancing of interests). In this case, our legitimate interest is the processing of your request. Other Pixocial Affiliates - Details on the Recipients of Personal Data and the Transfer of Personal Data to Third Countries and/or International Organizations
Recipient Recipient’s Role Transfers to Third Countries and/or International Organizations Adequacy Decision or Appropriate or Suitable Safeguards for Transfers to Third Countries and/or International Organizations Other Pixocial Entities Processor Singapore There is no adequacy decision of the EU Commission for the United States and Singapore. We have secured your data by concluding so-called standard data protection clauses pursuant to Art. 46(2)(c) GDPR with the recipient. You can obtain a copy of this agreement from our contact address stated above. Apple Inc. Processor Singapore There is no adequacy decision of the EU Commission for Singapore. We have secured your data by concluding so-called standard data protection clauses pursuant to Art. 46(2)(c) GDPR with the recipient. You can obtain a copy of this agreement from our contact address stated above. Google LLC Processor Singapore There is no adequacy decision of the EU Commission for Singapore. We have secured your data by concluding so-called standard data protection clauses pursuant to Art. 46(2)(c) GDPR with the recipient. You can obtain a copy of this agreement from our contact address stated above. OpenAI OpCo LLC Processor Singapore There is no adequacy decision of the EU Commission for Singapore. We have secured your data by concluding so-called standard data protection clauses pursuant to Art. 46(2)(c) GDPR with the recipient. You can obtain a copy of this agreement from our contact address stated above. Adjust GmbH Processor Singapore, The European Union There is no adequacy decision of the EU Commission for Singapore and the European Union. We have secured your data by concluding so-called standard data protection clauses pursuant to Art. 46(2)(c) GDPR with the recipient. You can obtain a copy of this agreement from our contact address stated above.
- Details on the Personal Data Which Are Processed
- Information on the Use of Cookies or Similar Technologies
The following section currently only deals with cookies. If similar technologies (browser fingerprints, local storage, session storage, etc.) are used, this section would have to be adapted accordingly. We use cookies in connection with offering our Services. In doing so, we use the processing and storage functions of your device and/or your device’s browser and collect information from the memory of your device and/or your device’s browser. You will find more detailed information on this in the following.
- General Information on Cookies
Cookies are small text files with information that can be placed on a user’s device when an app is used or a website is visited. When the relevant app or website is used or visited again with the same device, the cookie and the information it contains can be retrieved.
- First-party and third-party cookies
Depending on where a cookie comes from, a distinction can be made between first-party cookies and third-party cookies:
First-party cookies: Cookies that are placed and accessed by the operator of the app or website as the controller or by a processor engaged by the controller. Third-party cookies: Cookies that are placed and accessed by controllers other than the operator of the app or website that are not processors engaged by the operator of the app or website. - Transient and persistent cookies
A distinction can be made between transient and persistent cookies depending on how long they remain active:
Transient cookies (Session cookies): Cookies that are automatically deleted when you close the app or your browser. Persistent cookies: Cookies that remain stored on your device for a certain period of time after the app or browser is closed. - Consent-free cookies and cookies requiring consent
Users’ consent is required for some cookies depending on their function and purpose of use. Thus, a distinction can be made between cookies that require users’ consent and those that do not:
Consent-free cookies: Cookies that have as their sole purpose to transmit a message using an electronic communication network. Cookies that are necessary so that the party offering a service that has been expressly requested by a participant or user can provide this service (“strictly necessary cookies”). Cookies requiring consent: Cookies for all purposes of use other than the aforementioned.
- First-party and third-party cookies
- Management of the Cookies Used in Our App and on Our Website
- Granting and withdrawing consents to the use of cookies in the data protection settings of our app and website
If consent is necessary for the use of certain cookies, we only use these cookies if you have previously granted your consent to this. You can find information as to whether the use of a particular cookie requires consent in the information on the cookies used in our Services in Section III.3. of this Privacy Policy. You cannot deactivate cookies that are strictly necessary in the data protection settings of our app or website. However, you can generally deactivate these cookies in your app or browser at any time.
- Managing cookies using device/browser settings
You can also manage the use of cookies in your device’s or your browser’s settings. Different browsers have different ways to configure cookie settings. You can find more extensive information on this, for example, at All About Cookies. However, we would like to point out that some functions of our app or website may not work properly or at all if you deactivate cookies in general on your device.
- Granting and withdrawing consents to the use of cookies in the data protection settings of our app and website
- Cookies Used in Our App and on Our Website
The following cookies may be used in our app and on our website:
Name First-party / Third-party Purpose of Use and Content Effective Term Consent Necessary? mt_access_token First-party User login token It will be erased when users log out from their account. It will be replaced when the token is expired (30 days). No mt_web_access_token First-party User login token It will be erased when users log out from their account. It will be replaced when the token is expired (30 days). No mt_temp_token First-party User login token It will be erased when users log out from their account. It will be replaced when the token is expired (30 days). No mt_grant_access_token First-party User login token It will be erased when users log out from their account. It will be replaced when the token is expired (30 days). No
- General Information on Cookies
- Information on the Rights of Data Subjects
As a data subject, you have the following rights with regard to the processing of your personal data:
- Right of access (Art. 15 GDPR)
- Right to rectification (Art. 16 GDPR)
- Right to erasure (“right to be forgotten”) (Art. 17 GDPR)
- Right to restriction of processing (Art. 18 GDPR)
- Right to data portability (Art. 20 GDPR)
- Right to object (Art. 21 GDPR)
- Right to withdraw consent (Art. 7 (3) GDPR)
You may contact us for the purpose of exercising these rights using the contact information in Section I.
Where applicable, you find information on any specific modalities and mechanisms which facilitate the exercise of your rights, in particular, the exercise of your rights to data portability and to object in the information on the processing of personal data in Section II of this GDPR Notice.
You also have the right to lodge a complaint with a supervisory authority (Art. 77 GDPR).
Below, you find more detailed information on your rights with regard to the processing of your personal data:- Right of Access
As a data subject, you have a right to obtain access and information under the conditions provided in Art. 15 GDPR.
This means, in particular, that you have the right to obtain confirmation from us as to whether we are processing your personal data. If so, you also have the right to obtain access to the personal data and the information listed in Art. 15 (1) GDPR. This includes information regarding the purposes of the processing, the categories of personal data that are being processed, and the recipients or categories of recipients to whom the personal data have been or will be disclosed (Art. 15 (1) (a), (b), and (c) GDPR).
You can find the full extent of your right to access and information in Art. 15 GDPR. - Right to Rectification
As a data subject, you have the right to rectification under the conditions provided in Art. 16 GDPR.
This means, in particular, that you have the right to receive from us, without undue delay, the rectification of inaccuracies in your personal data and completion of incomplete personal data.
You can find the full extent of your right to rectification in Art. 16 GDPR. - Right to Erasure (“Right to Be Forgotten”)
As a data subject, you have a right to erasure (“right to be forgotten”) under the conditions provided in Art. 17 GDPR.
This means that you have the right to obtain from us the erasure of your personal data, and we are obliged to erase your personal data without undue delay when one of the reasons listed in Art. 17 (1) GDPR applies. This can be the case, for example, if personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed (Art. 17 (1) (a) GDPR).
If we have made the personal data public and are obliged to erase it, we are also obliged, taking account of available technology and the cost of implementation, to take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you have requested the erasure by such controllers of any links to or copy or replication of those personal data (Art. 17 (2) GDPR).
The right to erasure (“right to be forgotten”) does not apply if the processing is necessary for one of the reasons listed in Art. 17 (3) GDPR. This can be the case, for example, if the processing is necessary for compliance with a legal obligation or for the establishment, exercise, or defence of legal claims (Art. 17 (3) (b) and (e) GDPR).
You can find the full extent of your right to erasure (“right to be forgotten”) in Art. 17 GDPR. - Right to Restriction of Processing
As a data subject, you have a right to restriction of processing under the conditions provided in Art. 18 GDPR.
This means that you have the right to obtain from us the restriction of processing if one of the conditions provided in Art. 18 (1) GDPR applies. This can be the case, for example, if you contest the accuracy of the personal data. In such a case, the restriction of processing lasts for a period that enables us to verify the accuracy of the personal data (Art. 18 (1) (a) GDPR).
Restriction means that stored personal data are marked with the goal of restricting their future processing (Art. 4 (3) GDPR).
You can find the full extent of your right to restriction of processing in Art. 18 GDPR. - Right to Data Portability
As a data subject, you have a right to data portability under the conditions provided in Art. 20 GDPR.
This means that you generally have the right to receive your personal data, with which you have provided us, in a structured, commonly used, and machine-readable format, and to transmit those data to another controller without hindrance from us if the processing is based on consent pursuant to Art. 6 (1) (a) or Art. 9 (2) (a) GDPR or on a contract pursuant to Art. 6 (1) (b) GDPR and the processing is carried out by automated means (Art. 20 (1) GDPR).
You can find information as to whether an instance of processing is based on consent pursuant to Art. 6 (1) (a) or Art.9 (2) (a) GDPR or on a contract pursuant to Art. 6 (1) (b) GDPR in the information regarding the legal basis of processing in Section II of this GDPR Notice.
In exercising your right to data portability, you also generally have the right to have your personal data transmitted directly from us to another controller if technically feasible (Art. 20 (2) GDPR).
You can find the full extent of your right to data portability in Art. 20 GDPR=. - Right to object
As a data subject, you have a right to object under the conditions provided in Art. 21 GDPR.
At the latest in our first communication with you, we expressly inform you of your right, as a data subject, to object.
More detailed information on this is given below:
Right to object on grounds relating to the particular situation of the data subjectAs a data subject, you have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data which is based on Art. 6 (1) (e) or (f), including profiling based on those provisions.
Right to object to direct marketing
You can find information as to whether an instance of processing is based on Art. 6 (1) (e) or (f) GDPR in the information regarding the legal basis of processing in Section II of this GDPR Notice.
In the event of an objection relating to your particular situation, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.
You can find the full extent of your right to objection in Art. 21 GDPR=.Where your personal data are processed for direct marketing purposes, you have the right to object at any time to processing of your personal data for such marketing, which includes profiling to the extent that it is related to such direct marketing.
You can find information as to whether and to what extent personal data are processed for direct marketing purposes in the information regarding the legal basis of processing in Section II of this GDPR Notice.
If you object to processing for direct marketing purposes, we no longer process your personal data for these purposes.
You can find the full extent of your right to objection in Art. 21 GDPR. - Right to withdraw consent
Where an instance of processing is based on consent pursuant to Art. 6 (1) (a) or Art. 9 (2) (a) GDPR, as a data subject you have the right to withdraw your consent at any time pursuant to Art. 7 (3) GDPR. The withdrawal of your consent does not affect the legitimacy of the processing that occurred based on your consent until the withdrawal. We inform you of this before you grant your consent.
You can find information as to whether an instance of processing is based on Art 6 (1) (a) or Art. 9 (2) (a) GDPR in the information regarding the legal basis of processing in Section II of this GDPR Notice.
- Right to lodge a complaint with a supervisory authority
As a data subject, you have a right to lodge a complaint with a supervisory authority under the conditions provided in Art. 77 GDPR.
The supervisory authorities responsible for us are:
Der Hamburgische Beauftragte für Datenschutz und Informationsfreiheit
Ludwig-Erhard-Str 22, 20459 Hamburg
E-mail: [email protected] Phone:
+49 40 42854-4040Information Commissioner’s Office
E-mail: [email protected]
Phone: 0303 123 1113
- Information on the technical terms of the GDPR used in this GDPR Notice
The technical terms relating to data protection used in this GDPR Notice have the meaning used in the General Data Protection Regulation. The full scope of the definitions of the General Data Protection Regulation can be found in Art. 4 GDPR.
You will find more detailed information on the most important technical terms of the General Data Protection Regulation used in this GDPR Notice below:
“Personal data” means any information relating to an identified or identifiable natural person (”data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
“Data subject” means the respective identified or identifiable natural person, to which the personal data refers to;
“Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
“Profiling” means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements;
“Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law; “Processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
“Recipient” means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing;
“Third party” means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data;
“International organisation” means an organisation and its subordinate bodies governed by public international law, or any other body which is set up by, or on the basis of, an agreement between two or more countries;
and “Third country” means a country which is not a member state of the European Union (”EU”) or the European Economic Area (“EEA”) or the United Kingdom.