Privacy Policy
This Application collects Personal Data from its Users. The policy can be printed through the print command in the browser settings.
The Owner and Data Controller is located at
Wilhelmina van Pruisenweg 35, 2595 AN The Hague, and can be contacted at [email protected].
Types of Data Collected
This Application collects various types of Personal Data, either directly or through third parties. These include: tracker, unique device identifiers for advertising (e.g. Google Advertiser ID or IDFA), device information, geography/region, number of Users and sessions, session duration, application opens/launches, operating systems, email address, usage data, universally unique identifier (UUID), payment info, first and last name, billing address, phone number, password, social media accounts, geographic position, location permissions (continuous/non-continuous and approximate/precise), camera permission (without saving or recording), and shipping address. The details of each type of data collected are provided in the dedicated sections of this privacy policy or in specific explanation texts displayed before the data is collected.
Data Collection
Personal Data can either be provided by the User or collected automatically when using the Application (e.g. Usage Data). Unless specified otherwise, all Data requested by the Application is mandatory and failure to provide it may result in the inability to use its services. If some Data is not mandatory, the User can choose not to provide it without affecting the availability or functionality of the service. If unsure about mandatory data, the User can contact the Owner. The use of Cookies or other tracking tools by the Application or third-party services used by the Application serves the purpose of providing the required Service and any other purposes outlined in this privacy policy and the Cookie Policy (if available). The User is responsible for obtaining consent from third parties for any Personal Data obtained, published, or shared through the Application.
Data Processing
The Owner implements appropriate security measures to prevent unauthorized access, modification, disclosure, or destruction of the Data. The processing of Data is carried out using computers and/or IT tools and following organizational procedures strictly related to the intended purposes. The Data may be accessible to certain personnel involved in the operation of the Application (e.g. administration, sales, marketing, legal, system administration) or external parties (e.g. technical service providers, mail carriers, hosting providers, IT companies, communications agencies) appointed as Data Processors by the Owner if necessary. The updated list of these parties can be requested from the Owner at any time.
Legal Basis of Processing
The Owner can process Personal Data if one of the following applies: (1) User consent for specific purposes, (2) provision of Data is necessary for performance of an agreement with the User, (3) necessary for compliance with a legal obligation, (4) related to a task carried out in the public interest or exercise of official authority, or (5) necessary for the Owner’s or a third party’s legitimate interests. The Owner will clarify the specific legal basis for processing upon request.
Place of Processing
The Data is processed at the Owner’s operating offices and any other places where the parties involved in the processing are located. Data transfers to a country other than the User’s may occur, and details on the place of processing can be found in the relevant section of this privacy policy. The User has the right to know about the legal basis of data transfers and the security measures taken by the Owner to safeguard their Data. If such a transfer occurs, more information can be obtained by checking the relevant sections of this document or contacting the Owner.
Retention Time
Personal Data will be processed and stored for as long as required by the purpose the have been collected for.
Retention of Personal Data:
Personal Data collected for contract performance will be kept until the contract is fulfilled.
Personal Data collected for legitimate interests will be kept as long as needed to achieve those interests. Information on the legitimate interests can be found in this document or by contacting the owner.
If the user gives consent, the owner may keep Personal Data for a longer period, but only as long as the consent is not withdrawn. Additionally, if required by law or by an authority, the owner may be obliged to keep Personal Data longer.
After the retention period, Personal Data will be deleted and the rights of access, erasure, rectification, and data portability cannot be exercised.
Processing Purposes:
The owner collects User Data to provide its service, meet legal obligations, respond to enforcement requests, protect rights and interests, detect malicious or fraudulent activity, and for: Analytics, User database management, Handling payments, Registration and authentication, Content performance and features testing (A/B testing), Social features, Managing contacts and sending messages, Infrastructure monitoring, Location-based interactions, Device permissions for Personal Data access, Hosting and backend infrastructure, Platform services and hosting, Managing support and contact requests and Location processing.
For information on the Personal Data used for each purpose, see “Detailed information on the processing of Personal Data”.
Device Permissions for Personal Data Access:
Depending on the device, this application may ask for certain permissions to access device data.
The user must grant these permissions, but can revoke them at any time through device settings or by contacting the owner.
Revoking these permissions may impact the application’s functioning.
If the user grants any of the listed permissions, the respective Personal Data may be processed by this application.
Location Permissions:
Approximate location (continuous): used to access the user’s approximate device location and provide location-based services.
Approximate location (non-continuous): used to access the user’s approximate device location and provide location-based services, but the location is not determined continuously.
Precise location (continuous): used to access the user’s precise device location and provide location-based services.
Precise location (non-continuous): used to access the user’s precise device location and provide location-based services, but the location is not determined continuously.
Camera Permission:
Camera permission (without saving or recording): used to access the camera or capture images and video from the device, but does not save or record the output.
Detailed information on Personal Data Processing:
Personal Data is collected for the following purposes and using the following services:
Analytics
This section provides services that allow the owner to monitor and analyze web traffic and track user behavior.
Google Analytics for Firebase (Google LLC)
Google Analytics for Firebase, also known as Firebase Analytics, is an analytics service provided by Google LLC. To understand Google’s use of data, consult Google’s partner policy. Firebase Analytics may share data with other Firebase tools such as Crash Reporting, Authentication, Remote Config or Notifications. The user can check this privacy policy for details on these tools.
The Firebase Analytics service uses mobile device identifiers and technologies similar to cookies. Users can opt-out of certain Firebase features through device settings or by following instructions in other Firebase-related sections of the privacy policy, if available. The following personal data is processed: application opens, device information, geography/region, launches, number of sessions, number of users, operating systems, session duration, tracker, and unique device identifiers for advertising (such as Google Advertiser ID or IDFA). Processing takes place in the United States.
Content performance and features testing (A/B testing)
This section provides services that allow the owner to track and analyze the user’s response to changes in the structure, text, or other components of the application.
Firebase Remote Config (Google LLC)
Firebase Remote Config is an A/B testing and configuration service provided by Google LLC. The personal data processed is specified in the service’s privacy policy. Processing takes place in the United States.
Device permissions for Personal Data access
This application requests certain permissions from users that allow it to access the user’s device data as summarized and described in this document. The personal data processed includes approximate location (continuous and non-continuous), camera permission without saving or recording, and precise location (continuous and non-continuous).
Handling payments
This application processes payments through external payment service providers by credit card, bank transfer, or other means, unless otherwise specified. Users are asked to provide their payment details and personal information directly to the payment service providers, and this application only receives a notification if payment is successfully completed.
Stripe (Stripe Technology Europe Ltd)
Stripe is a payment service provided by Stripe Technology Europe Ltd. The personal data processed includes billing address, email address, first name, last name, payment information, and other data specified in the service’s privacy policy. Processing takes place in Ireland.
PayPal (PayPal Inc.)
PayPal is a payment service provided by PayPal Inc. that allows users to make online payments. The personal data processed includes billing address, email address, first name, last name, and phone number. The privacy policy for processing can be found on PayPal’s website.
Apple Pay (Apple Inc.)
Apple Pay is a payment service provided by Apple Inc. that allows users to make payments using their mobile phones. The personal data processed includes billing address, email address, first name, last name, payment information, and shipping address. Processing takes place in the United States.
Google Pay (Google Ireland Limited)
Google Pay is a payment service provided by Google Ireland Limited that allows users to make online payments using their Google credentials. The personal data processed includes billing address, email address, first name, last name, payment information, and shipping address. Processing takes place in Ireland.
Hosting and backend infrastructure
This type of service provides hosting for data and files to run and distribute this application and its specific features. Some services listed below may have geographically distributed servers, making it difficult to determine the actual location of stored personal data.
Google BigQuery (by Google Ireland Limited)
Google BigQuery is a hosting and backend service offered by Google Ireland Limited that processes various types of personal data as outlined in their privacy policy. Processing of this data takes place in Ireland.
Google Cloud Storage (by Google Ireland Limited)
Google Cloud Storage is another hosting service offered by Google Ireland Limited that processes various types of personal data, also as outlined in their privacy policy. Processing takes place in Ireland.
Infrastructure Monitoring
This service allows the application to monitor its components, improving performance, operation, maintenance and troubleshooting. The type of personal data processed depends on the service’s characteristics and implementation, with the purpose of filtering the application’s activities.
Firebase Performance Monitoring (by Google LLC)
Firebase Performance Monitoring is a monitoring service provided by Google LLC that processes various types of personal data, as specified in their privacy policy. Processing of this data takes place in the United States.
Sentry (by Functional Software, Inc.)
Sentry is a monitoring service provided by Functional Software, Inc. that processes various types of personal data, as outlined in their privacy policy. Processing takes place in the United States.
Location Processing
Radar (Radar Labs, Inc.) is a geolocation service that collects location data (latitude, longitude), device IDs, IP addresses, and device info. The processing takes place in the United States (https://radar.com/privacy).
Location-based Interactions
This Application may use the User’s location data to provide location-based services. The User’s explicit authorization is required to track their location. The processed data is geographic position.
Managing Contacts and Sending Messages
Services such as Firebase Notifications (Google LLC) and Mailjet (SAS Mailjet) allow for managing email/phone contacts and sending messages. Firebase Notifications can also be integrated with Firebase Analytics to track events. Personal data processed varies (as specified in the service’s privacy policy). Firebase Notifications processes data in the United States, Mailjet in France. Firebase Cloud Messaging (Google Ireland Limited) is another messaging service that processes data in Ireland.
Managing Support and Contact Requests
Zendesk (Zendesk, Inc.) is a service used to manage support and contact requests. Personal data processed varies (as specified in Zendesk’s privacy policy) and the processing takes place in the United States.
Platform Services and Hosting
Services such as Apple App Store (Apple Inc.) and Google Play Store (Google Ireland Limited) host and run key components of this Application and provide tools for analytics, user registration, payment processing, etc. Some services may store data on geographically distributed servers. Apple App Store processes data in the United States, Google Play Store in Ireland. Users can opt-out of analytics through their device settings.
Registration and Authentication
Services such as Firebase Authentication (Google LLC) and Facebook Authentication (Meta Platforms Ireland Limited) provide registration and authentication services. Firebase Authentication can also use third-party identity providers. Personal data processed for Firebase Authentication includes email, name, password, phone number, and social media accounts. Processing takes place in the United States. Facebook Authentication processes data in Ireland.
Firebase Dynamic Links: This is a social feature by Google LLC. The links are tracked in Firebase or Google Analytics for Firebase to give the owner information about the user’s journey in the app. Personal data processed: Various types of data specified in the service’s privacy policy. Place of processing: United States.
User database management: This service enables the owner to create user profiles using information provided by the user and track their activity through analytics. This data may also be combined with publicly available information to build private profiles. Some services may allow for timed communication with the user through email or in-app messages. Intercom (Intercom R&D Unlimited Company) is an example of such a service. Personal data processed: Data communicated, email address, usage data, etc. Place of processing: Ireland.
Opting out of interest-based advertising: Users can follow instructions from YourOnlineChoices (EU), Network Advertising Initiative (US), Digital Advertising Alliance (US), DAAC (Canada), DDAI (Japan), or similar initiatives to control their tracking preferences. The Owner suggests using these resources along with information provided. The Digital Advertising Alliance has an app called AppChoices to control interest-based advertising on mobile apps. Users may also opt-out through device settings.
Push notifications: This app may send push notifications to the user. Users may opt-out by changing the notification settings for this app on their device, but this may negatively affect the app’s functionality. Push notifications may also be sent based on the user’s location.
Selling goods and services online: Personal data is collected to provide services or sell goods, including payment information. The type of data collected depends on the payment system used.
Users’ rights: Users have the right to withdraw consent, object to processing, access their data, verify/rectify it, restrict processing, delete it, receive it and transfer it to another controller, or file a complaint. Details about objecting to processing for public interest or official authority are provided in the privacy policy.
Exercising User Rights
User rights can be exercised by contacting the Owner using the contact information provided in this document. These requests are free and will be addressed by the Owner within one month or as soon as possible.
Data Collection and Processing Information
Legal Action
The Owner may use the User’s Personal Data for legal purposes in court or in preparation for potential legal action resulting from improper use of the Application or Services. The User acknowledges that the Owner may be required to disclose personal data to public authorities upon request.
More Information on User’s Personal Data
In addition to the information in this privacy policy, the Application may provide additional context-specific information about the collection and processing of Personal Data upon request.
System Logs and Maintenance
For operation and maintenance, this Application and third-party services may collect interaction records (System logs) and use other Personal Data (such as IP Address).
Information Not Covered in this Policy
For more information on the collection and processing of Personal Data, contact the Owner. Contact information can be found at the beginning of this document.
Handling “Do Not Track” Requests
This Application does not support “Do Not Track” requests. To determine if third-party services used by this Application honor these requests, consult their privacy policies.
Changes to Privacy Policy
The Owner reserves the right to change this privacy policy at any time by posting updates on this page and potentially within the Application. It is recommended to check this page frequently, with the last modification date listed at the bottom.
If changes impact processing activities based on the User’s consent, the Owner will obtain new consent as needed.
Definitions and Legal References
Personal Data
Data that directly, indirectly, or in connection with other information (including a personal identification number) allows for the identification of a natural person.
Usage Data
Information automatically collected through the Application or third-party services used by it. This may include IP addresses, URI addresses, request time, request method, file size, status code, country of origin, browser and operating system details, time spent on each page, sequence of pages visited, device operating system information, and other IT environment details.
User
The person using the Application, who is the Data Subject unless otherwise specified.
Data Subject
The natural person to whom Personal Data refers.
Data Processor
The natural or legal person, public authority, agency, or other body that processes Personal Data on behalf of the Controller as described in this privacy policy.
Data Controller (Owner)
The natural or legal person, public authority, agency, or other body that determines the purposes and means of processing Personal Data, including security measures. The Data Controller is the Owner of the Application unless otherwise specified.
Application
The means by which Personal Data of the User is collected and processed.
Service
The service provided by the Application as described in its terms and on the site/application.
European Union (EU)
References to the European Union in this document include all current member states of the European Union and the European Economic Area unless otherwise specified.
Cookie
Small data files stored in the User’s browser, used as trackers.
Tracker
Any technology (such as cookies, unique identifiers, web beacons, embedded scripts, e-tags, or fingerprinting) used to track Users by accessing or storing information on their device.
Legal Information
This privacy statement is based on provisions from various legislations, including Art. 13/14 of the General Data Protection Regulation (EU) 2016/679.
This privacy policy applies solely to this Application unless stated otherwise within this document.
Latest Update: 10 May 2022