Privacy Policy - likner
TABLE OF CONTENTS
Who controls and processes your information?
what personal information do we process?
What are the purposes of the processing?
What is the legal basis of processing?
Your rights related to processing
Right to erasure (’right to be forgotten’)
Right to restriction of processing
Right to communication of a personal data breach to the data subject
The data subject’s right to lodge a complaint with a supervisory authority
Right to an effective judicial remedy against a supervisory authority
Right to an effective judicial remedy against the Controller or Processor
Introduction
This privacy policy (hereinafter: the Policy) intends to provide the data subjects with clear, easy-to-understand information regarding processing their personal data.
When using Likner mobile app (hereinafter: the App) you provide us with your personal data. We shall process such data with utmost care and in compliance with the legal regulations, and try to meet your demands and expectations regarding data processing.
The most important legal regulations regarding data processing activities:
· REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, GDPR, hereinafter: GDPR)
· Act CXII of 2011 on the right to informational self-determination and on the freedom of information (Privacy Act)
· Act CVIII of 2001 on electronic commerce and on information society services
Who controls and processes your information?
UNDECAGON Kft. is the CONTROLLER, and the developer and operator of the App at the same time.
Please see the following table for Data Processors, i.e. service providers contributing to operating the App:
Data processor | Contact info | Service |
Amazon Web Services | 38 Avenue John F. Kennedy, L-1855, Luxembourg | web hosting |
Gordon House, Barrow Street, Dublin 4, Ireland | identification (at registration or signing in), invoicing and payment, Google Analytics | |
Apple | Apple, One Apple Park Way, Cupertino, CA 95014 | identification (at registration or signing in), invoicing and payment, |
4 Grand Canal Square Grand Canal Harbour Dublin 2 Ireland | identification (at registration or signing in) |
what personal information do we process?
Communication
For communication we require the following personal data:
- name
- e-mail address
If you provide us with the aforementioned personal data, we will use it to communicate with you
Providing such data is optional, however, we will not be able to communicate with you unless you provide us with the data. You may withdraw your consent at any time without giving reasons, but such withdrawal shall not affect processing based on consent before the withdrawal.
Registering an account
For registration we require the following personal data:
- name
- e-mail address
- address, mailing address
- Google username and password (optional; such data is processed by Google only, we will not see them)
- Apple username and password (optional; such data is processed by Apple only, we will not see them)
- Facebook username and password (optional; such data is processed by Facebook only, we will not see them)
In accordance with Section 13/B of Act CVIII of 2001 on electronic commerce and on information society services we record the following data:
The subscriber’s or user’s
a) identification data required for accessing the service, the date when the service was accessed, including the exact timeframe,
b) IP address and port number used for registration,
c) IP address and port number used for accessing the service,
d) user identification name.
We also record hardware information of your mobile device.
After downloading the app, users may sign in using their names or e-mail addresses and password. Users may also sign in using their Google account, Facebook profile, or Apple ID.
Users must provide these personal data in order to use the App. You cannot use the App without registration and signing in.
Operating a profile
In connection with operating a user profile, we process the following personal data:
- language
- display name (nickname)
- gender
- date of birth
- workplace
- name of school
- introduction
- location - GPS coordinates
- history of likes
- chat messages and reactions
- what gender you want to talk to
- settings
- likes
After registration and signing in you may set up your own profile. This requires giving your nickname (the name you want displayed), your gender (male/female/other), what gender you want to talk to (male/female/other), your date of birth and language.
You may show additional data in your profile, such as introduction, name of schools you attended, name of workplace, location - GPS coordinates (the app gets this information from the mobile phone when the user consents), settings, filtering criteria.
You may like other users after accessing the list of users. When two users like each other, they become “friends” and can chat with each other.
You may set additional filters: gender (male/female/other), age group, distance. It is possible to change the language of the app, and the chosen language preference will be stored on the server.
You may purchase a premium subscription via Google Play or Apple App Store.
Messaging
In connection with messaging (chatting), we process the following personal data:
- name
- personal data in the messages
- photo, voice message
- availability status
- last availability status
- nickname
Messages are free of charge provided that your are messaging a user that you have already liked each other with.
You can purchase “instant messages” (in packs of one, five or ten). These instant messages can be used when you want to message another user without liking each other first.
You can also send GIFs, text messages, voice messages and photos within a chat.
Other data processing
Invoicing
Invoices/receipts will be made by Google/Apple, we do not process personal data related to invoicing.
What are the purposes of the processing?
The purposes of the processing may vary for different processing activities as follows:
What are the activities involved in processing? | What are the purposes of the processing? |
Making contact, communication | Communication |
Entering into a contract by registration and/or accepting the Terms and Conditions | Creating and operating registration |
Operating a user profile | Operating a user profile |
Messaging | Providing services, preventing scams and moderating/banning users who violate the Terms and Conditions |
What is the legal basis of processing?
The legal bases of the processing may vary for different processing activities as follows:
What are the activities involved in processing? | What is the legal basis of processing? |
Making contact, communication | GDPR point a) of Article 6 (1) (consent) |
Registering an account | GDPR point b) Article 6 (1) (performance of a contract), and GDPR point c) of Article 6 (1) (Compliance with a legal obligation) – for data processed on the basis of Section 13/B of Act CVIII of 2001 on electronic commerce and on information society services |
Operating a user profile | GDPR point a) of Article 6 (1) (consent) |
Messaging | GDPR point a) of Article 6 (1) (consent) |
You will not be able to use the App unless you consent to the processing of your personal data.
You may withdraw your consent at any time without giving reasons, but such withdrawal shall not affect processing based on consent before the withdrawal. You may withdraw your consent to data processing by clicking on the ‘deleting registration’ option in the settings.
How long do we retain data?
The retention period may vary for different processing activities as follows:
What are the activities involved in processing? | How long do we retain data? |
Making contact, communication | Until consent is withdrawn |
Entering into a contract by registration and/or accepting the Terms and Conditions | We retain registration data (name, e-mail address, mailing address, username and password) until the termination of the contractual relationship, or until the withdrawal of consent. For subscriber’s or user’s data: pursuant to Section 13/B of the Act CVIII of 2001, data shall be retained for a period of one year from the date of origin of the data in question, or until the termination of the contractual relationship. |
Operating a user profile | Until consent is withdrawn/user account is deleted |
Messaging | Until consent is withdrawn/user account is deleted |
When you delete your profile , all data will be erased from it, except the nickname you provided. The nickname will be visible to those who have chatted with you before. You may request the erasure of your nickname if it constitutes personal data. This request can be submitted via email to [email protected].
Data security
Data is protected by relevant measures against access by unauthorised persons, modification, transferring, disclosing, deleting or destruction, accidental destruction and damages, and becoming inaccessible due to changes in the technology used.
The Controller and Processor implements security measures and processes to safeguard data. These measures are detailed in our internal policies and procedures.
Your rights related to processing
Right to information
You shall have the right to receive information prior to processing of personal data in a transparent, intelligible, clear and easily accessible form in writing from the Controller. The Controller fulfils its information obligation by making this Privacy Policy readily available.
Where the Controller intends to process the personal data for a purpose other than that for which they were collected, the Controller should provide the data subject prior to that further processing with information on that other purpose and other necessary information.
Right of access
You shall have the right to obtain from the Controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the following information:
a) the purposes of the processing;
b) the categories of personal data concerned;
c) the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;
d) where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
e) the existence of the right to request from the Controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;
f) the right to lodge a complaint with a supervisory authority;
g) where the personal data are not collected from the data subject, any available information as to their source;
h) the existence of automated decision-making, including profiling, and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
Upon your request, the Controller shall provide a copy of the personal data undergoing processing. The Controller may charge a reasonable fee for any additional copies of that document, covering administrative costs. Where you make the request by electronic means, and unless you request otherwise, the information shall be provided in a commonly used electronic form. The right to obtain a copy shall not adversely affect the rights and freedoms of others.
Right to rectification
You shall have the right to obtain from the Controller without undue delay the rectification of inaccurate personal data concerning you. Taking into account the purposes of the processing, you shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
Right to erasure (’right to be forgotten’)
You shall have the right to obtain from the Controller the erasure of personal data concerning you without undue delay and the Controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:
a) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
b) you withdraw consent on which processing is based, and where there is no other legal ground for the processing;
c) you object to the processing, and there are no overriding legitimate grounds for the processing;
d) the personal data have been unlawfully processed;
e) the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the Controller is subject;
f) the personal data have been collected in relation to the offer of information society services.
The points stated above shall not apply to the extent that processing is necessary:
a) for exercising the right of freedom of expression and information;
b) for compliance with a legal obligation which requires processing by Union or Member State law to which the Controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller;
c) for reasons of public interest in the area of public health;
d) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in so far as the right to erasure is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
e) for the establishment, exercise or defence of legal claims .
Right to restriction of processing
You shall have the right to obtain from the Controller restriction of processing where one of the following applies:
a) you contest the accuracy of the personal data, for a period enabling the Controller to verify the accuracy of the personal data;
b) the processing is unlawful and you oppose the erasure of personal data and request the restriction of their use instead;
c) the Controller no longer needs the personal data for the purposes of the processing, but you require the data for the establishment, exercise or defence of legal claims; or
d) you have objected to processing pending the verification whether the legitimate grounds of the Controller override those of the data subject.
When processing has been restricted in accordance with the points above, such personal data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
The Controller shall inform you before the restriction of processing is lifted.
Right to notification regarding rectification or erasure of personal data or restriction of processing
You shall have the right to request from the Controller information about the recipients to whom the personal data have been disclosed. The Controller shall be obliged to communicate any rectification or erasure of personal data or restriction of processing to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort.
Right to object
You shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller, or for the purposes of the legitimate interest pursued by the Controller or by a third party, including profiling based on those provisions. The Controller shall no longer process the personal data unless the Controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims.
Right to communication of a personal data breach to the data subject
The Controller shall inform you on any personal data breach that may affect you.
The data subject’s right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, every data subject shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of his or her habitual residence, place of work or place of the alleged infringement if the data subject considers that the processing of personal data relating to him or her infringes the Regulation.
The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy.
Supervisory authority of Hungary as Member State: