Privacy policy

Privacy Policy

 

This Privacy Policy describes how Afterhope S.R.L. (“Afterhope,” “we,” “us” or “our“) collects, uses, and transfers your personal data.

Afterhope respects your privacy. 

This Privacy Policy is effective as of the date set forth above. This policy may be changed because of changes in legislation, the requirements of the authorities or to reflect changes in our practices concerning the processing of personal data. The revised policy will be posted on our Site and will be effective immediately upon being posted. 

Essentially, this Privacy Policy is about your personal data handled by us.

  • WHO WE ARE

Afterhope is a Romanian limited liability company headquartered in Bucharest, 11-13 Ion Creangă Street, having the EU Identification Number ROONRC.J40/1722/2020.

Afterhope holds all title, rights and interests over the acaza® application (hereinafter the “App”) and over the [www.acaza.app] website (the “Site”). The App and the Site will hereinafter be collectively referred to as the “Services”.

Our Data Protection Officer may be contacted via dpo@[acaza].app and will handle any questions about our Privacy Policy or privacy practices.

The online services associated with the Services are hosted within EEA based cloud environments of Amazon Web Services, respectively Google Firebase Services.

  • WHAT IS PERSONAL DATA

We treat any data that relates to an identified or identifiable individual or that is linked or linkable to them by or Services as “Personal Data”. This means that data that directly identifies you — such as your name — is personal data, and also data that does not directly identify you, but that can reasonably be used to identify you — such as the serial number of your device — is personal data.

This Privacy Policy covers how we handle personal data whether you interact with us on our Site, through our App, or in person (including by phone or by e-mail). 

  • CORE FUNCTIONALITIES OF THE APP

The App is intended to be a safety and tracking application for Android devices (hereinafter, the “Device”), whose main purpose is to enhance the security of children (hereinafter collectively, the “Protected) being in a dangerous situation, such as disappearing, kidnapping or runaways (hereinafter, the “Trigger Event). 

The App will be installed on the Device operated by the Protected, as well as on the mobile phones of their parent or legal guardian (hereinafter, the “Guardian”).

The Device having the App installed and running will safely and temporarily scan for, collect, encrypt, transfer, store and remove the unique identifiers shared by other devices (MAC address) when connecting to the System’s Wi-Fi, Bluetooth Classic (4.0) and Bluetooth Low Energy (5.0) protocols, and the GPS location of the Protected Devices (“Third Party Data”).

Any Third Party Data will be at rest in an encrypted and temporary manner until (i) permanently and automatically deleted after three days after having been uploaded to the Amazon Web Services, or until (ii) frozen and transferred to the Guardian, when an alert for Trigger Event is issued.

  • SOURCES OF PERSONAL DATA

Afterhope may obtain your personal data from various sources, such as:

  • the use of our Services by the Guardian or by the Protected;
  • by your signing up for any of our Services;
  • in response to technical support or other communication in order to ensure the required performance of Services;
  • in response to marketing or other communications;
  • through participation in an offer, program or promotion.

The use of our App or of some if its core functionalities require that you provide us with some personal data relating to another individual; when you do that, you should make sure that this sharing with us and our further use as described to you from time to time are in line with applicable laws; thus, for example, you should duly inform that individual about the processing of her/his personal data and obtain her/his consent, as may be necessary under applicable laws.

The personal data under our processing enables us to personalize, improve and continue to operate the Services. In connection with certain aspects of the Services, we may request, collect and/or display some of your personal data. 

  • TYPES OF PERSONAL DATA:

Related to the account:

When you create an account on our Services, you will provide information that represents your personal data, such as:

  • your first name and last name (Identity); 
  • email address and telephone number (Contact); 
  • email address and password (Credentials).

 

Related to the subscription:

  • Type and version of the software installed;
  • Protocol version;
  • Device type and manufacturer;
  • Operating system type;
  • Unique pseudonymized user identifier, country code, service identifier, unique device identifier;
  • Purchase data, which consists of the license expiry date and time, license cancellation date and time, purchase identifier in the store, purchase type in the store, store item identifier, store item tags, purchase date and time, purchase state, transaction identifier.

Related to location:

The following data will be processed:

  • Information about the Protected Device’s GPS current coordinates;
  • Flag indicating whether the Protected Device has crossed a particular geofence (Safe Zone) at a set time;
  • Time the Protected device will try to get more accurate coordinates in case current coordinates are not precise;
  • Information about Safe Zone settings;
  • Information about settings on the Protected device: geolocation services supported on the Device.

Technical Information

Technical Information is collected automatically through the interaction with our Services and includes:

  • IP address;
  • browser and plug-ins;
  • device type;
  • operating system type and version.

We may collect some Device-specific information if you access our Services using a mobile device.  It may include but is not limited to:

  • phone number;
  • device type and manufacturer;
  • unique Device identifiers (such as MAC address, Device’s advertising identifier);
  • network information;
  • hardware model.

Usage Information

This includes how you use our Services and data gathered through the operation of the Services, such as:

  • Information about the time and duration of the active use of the Protected Device; 
  • Type of use according to the settings of Guardian’s App;
  • Information about event time and duration;
  • Date and time of request;
  • Information about Device battery level of charge.

Marketing and Communications Data

This includes your preferences in receiving marketing communications from us. You may unsubscribe from these messages through your Account settings, although we, regardless, reserve the right to contact you when we believe it is necessary, such as for account recovery purposes.

Processing of Children Personal Data 

As described above in the Core Functionalities, the App is designated to locate the Protected Device, its location and its interactions with other devices. If a Guardian will install the App and its Core Functionalities in order to use the Core Functionalities, the Guardian can receive information about the child’s Device and information about the child’s location. Additionally, the Guardian can configure parameters such as Safe Zones and specific limits for the child’s location until prompting an alert. Afterhope does not collect children’s data beyond the framework of the aforementioned features.

Aggregated Information

We collect statistical or demographic information about how both unregistered and registered users, collectively, use our Services. This information might include, but is not limited to, for example, session information, Account settings, and parental controls activities.  Some of this information may be derived from Personal Data but it is not considered Personally Identifiable Information, as it cannot be used to identify you.

  • WHY DO WE PROCESS YOUR PERSONAL DATA:

AFTERHOPE WILL ONLY PROCESS PERSONAL DATA FOR PARTICULAR, PRE-DETERMINED PURPOSES THAT ARE LEGITIMATE WITH REGARD TO APPLICABLE LAW, AND THAT ARE RELEVANT TO OUR BUSINESS. Basically, such scopes for processing the personal data are the following:

  • To ensure the performance of a contract with users and to ensure the required performance of the Service for customers;
  • To verify that the license is legal;
  • To increase the effectiveness of the Services;
  • To improve user interaction and experience with our Services and providing the desired content and advertisement, related to Marketing purpose;
  • To provide technical support of Services for customers and to improve the quality of Services, and
  • To conduct statistical and other studies based on anonymous data.

Legal Bases for Data Processing

The legal basis we use depend on the purpose of processing personal data, which may be the following:

  • Contract – according to point (b) of Article 6 (1) GDPR, in cases where we have to process certain data necessary to perform a contract, such as when a user registers its Account;
  • Consent – according to point (a) of Article 6 (1) GDPR, in cases where a user chooses to send us data relating to the receiving Marketing and Communications outside regular scope of Services;
  • Legal obligation – according to point (c) of Article 6 (1) GDPR, in cases where we have to process data to meet legal requirements, such as for tax purposes;
  • Legitimate interest – according to point (f) of Article 6 (1) GDPR, in cases where we have legitimate interests as a company, except where such interests are overridden by the interests or fundamental rights and freedoms of the user. In such cases, for example, where personal data is stored in our infrastructure and analyzed for recent and potential bugs (including troubleshooting, data analysis) by using special technologies and/or relying on the expertise of our specialists, testing. Recital 49 of the GDPR acknowledges that it is a legitimate interest of a company to process personal data to the extent necessary and proportionate in order to ensure network and information security.

Please see the table below for the specific purposes that we have identified, the legal basis and what our legitimate interests are where appropriate:

Purpose/Activity

Type of data

Lawful basis for processing including basis of legitimate interest

To register you as a new customer

Identity

Contact

Performance of a contract with you

To manage our relationship with you which will include:

(a) Notifying you about changes to our terms or privacy policy

(b) Asking you to leave a review or take a survey or provide feedback

Contact

Credentials

Marketing and Communications

(a) Performance of a contract with you

(b) Necessary to comply with a legal obligation

(c) Necessary for our legitimate interests (to keep our records updated and to study how customers use our products/services)

To manage and protect our business and the Services (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)

Identity

Contact

Technical

(a) Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganization or group restructuring exercise)

(b) Necessary to comply with a legal obligation

To deliver relevant content on our Services and advertisements to you and measure or understand the effectiveness of the advertising we serve to you

Identity

Contact

Usage

Marketing and Communications

Technical

Necessary for our legitimate interests (to study how customers use our services, to develop them, to grow our business and to inform our marketing strategy)

To use data analytics to improve our website, services, marketing, customer relationships and experiences

Technical

Usage

Necessary for our legitimate interests (to define types of customers for our services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy)

To make suggestions and recommendations to you about new updates and functionalities of our Services that may be of interest to you

Identity

Contact

Technical

Usage

Necessary for our legitimate interests (to develop/improve our products/services and grow our business)

To operate the Services

Technical

Usage

Credentials

Performance of a contract with you

To approach new customers, to inform about new products or services not similar to our Services, to perform automatic decisions including profiling (discussed below)

Usage

Consent

Please contact us if you need more details about the above description.

  • LIMITATION OR RESTRICTION ON DATA PROCESSING

IF YOU CHOOSE NOT TO PROVIDE DATA THAT IS NECESSARY IN ORDER FOR OUR SERVICE OR A FEATURE TO WORK, YOU MAY NOT BE ABLE TO USE THAT SERVICE OR FEATURE.

  • WHAT WE AREN’T GOING TO PROCESS

Through our Services, Afterhope never processes “sensitive” personal data such as religion, political views, sexual preference or health, or other special categories of personal data. We do not wish to receive any such data and will not request it from you.

Our App must be installed and used by an adult. Children may use the Protected Device and the designated App module for Protected where the App was installed only with permission from their Guardian. Except for the processing described under Processing of Children Personal Data Section above, we do not intend to process personal data of children, nor do we want to receive such personal information of children.

  • SHARING OF YOUR INFORMATION

We will not rent or sell any Personal Data.

In order to ensure the Core Functionalities, we may share the Personal Data collected by the Protected Device in case of a Trigger Event with the Police and other relevant authorities.

We will share only the legally mandatory and strictly necessary Personal Data with other third parties in order to comply with the law, to execute our contract or to protect our legitimate interests. Such third parties may be our accountants and the Fiscal Authorities (during the payment, billing and cash collection process), third party technicians (during the tech support sessions), third party marketing companies to advertise and promote our new features, legal counsel (with regard to individual legal actions).

  • HOW WE PROTECT YOUR PERSONAL DATA

We care about the security of your Personal Data and we use commercially reasonable physical, administrative, technological and procedural safeguards to preserve the integrity, resilience, availability and security of all information under our processing and to protect the information against loss, misuse, damage or modification and unauthorized access or disclosure. 

When you use our Services, any Personal Data (including any data collected by the Protected Device) is securely encrypted in transit and at rest. We have also put in place security measures and access control mechanisms to ensure that any information is prevented from loss and only accessed in an authorized manner.

We store and process Personal Data by using the latest industry-standard techniques. However, we cannot guarantee or warrant that such techniques will provide complete security of your Personal Data.  Any transmission is at your own risk.

Your Account information will be protected by a password for your privacy and security. You need to prevent unauthorized access to your Account and Personal Data by selecting and protecting your password appropriately and limiting access to your computer, browser, Device and App.

  • HOW LONG DO WE KEEP THE PERSONAL DATA

As stated above we only collect Personal Data that is needed for the purposes specified in this Privacy Policy and we only retain Personal Data for as long as it is necessary.

Any data collected by the Protected Device will be automatically deleted after three days  after having been uploaded to the Amazon Web Services.

Upon termination of the contract, Personal Data is deleted from live systems within 30 days and from the backup systems after 12 months following the date of the account termination or request.

  • WHAT ARE YOUR RIGHTS AND OPTIONS

You have certain rights regarding your Personal Data. We also offer you certain options about what personal data you provide to us, how we use that information, and how we communicate with you.

In most cases you can choose not to provide personal data to us when you use our Services. You may also refrain from submitting information directly to us. However, if you do not provide personal data when requested, you may not be able to benefit from the Services’ functionalities and we may not be able to provide you with information about our products, services and promotions.

You can at any time choose not to receive marketing communications by email, if you have previously subscribed to receive them, by clicking on the unsubscribe link within the marketing emails you receive from us.

To the extent provided by applicable law, you may withdraw any consent you previously provided to us or object at any time, on legitimate grounds, to the processing of your personal data. We will apply your preferences going forward. In some circumstances, withdrawing your consent to Afterhope’s use or disclosure of your personal data will mean that you cannot take advantage of certain functionalities embedded in the Services.

Subject to applicable law, you may have the following rights:

  • To obtain confirmation that we hold personal data about you;
  • To request access to and receive information about your personal data;
  • To receive copies of your personal data that you provided to us, also in a machine-readable format and have it sent to another data controller, where technically possible;
  • To update and correct inaccuracies in your personal data;
  • To object to the processing of your personal data;
  • To have the information blocked, anonymized or deleted, as appropriate; as well as
  • To lodge a complaint with the relevant data protection supervisory authority.

The right to access personal data may be limited in some circumstances by the requirements of local law or technological measures, including where the data has been anonymized and therefore does not relate to an identified or identifiable natural person. If you wish to exercise these rights, you may at any time directly contact us at dpo@acaza.app.

If you wish to object to data processing or withdraw your consent in cases where you use our free functionalities, you must stop using and/or uninstall the Service. If you wish to exercise your right to remove the already sent data, please contact us directly to request deletion via dpo@acaza.app.

If we fall short of your expectations in processing your personal data or you wish to make a complaint about our privacy practices, please relate this to us, as it gives us an opportunity to fix the problem. You may contact us by using dpo@acaza.app. To assist us in responding to your request, please give full details of the issue. We attempt to review and respond to all complaints within a reasonable time. 

  • THE PRIVACY PRINCIPLES

Personal data processing at Afterhope is based on the following principles:

Consent and choice

  • Presenting to the users the choice whether or not to send their personal data except where the users cannot freely withhold consent or where applicable law specifically allows the processing of personal data without the natural person’s consent. The user’s election must be freely given, specific and made on a knowledgeable basis;
  • Informing users, before obtaining consent, about their rights under the individual participation and access principle;
  • Providing users, before obtaining consent, with the information indicated by the openness, transparency and notice principle; and
  • Explaining to users the implications of granting or withholding consent.

Purpose legitimacy and specification

  • Ensuring that the purpose(s) complies with applicable law and relies on a permissible legal basis;
  • Communicating the purpose(s) to users before the information is used for the first time for a new purpose;
  • Using language for this specification which is both clear and appropriately adapted to the circumstances.

Data processing limitation

  • Gathering of personal data to that which is within the bounds of applicable law and strictly necessary for the specified purpose(s).
  • Deleting and disposing or anonymizing of personal data whenever the purpose for personal data processing has expired, there are no legal requirements to keep the personal data, or whenever it is practical to do so.

Use, retention and disclosure limitation

  • Limiting the use, retention and disclosure of personal data to that which is necessary in order to fulfill specific, explicit and legitimate purposes;
  • Limiting the use of personal data to the purposes specified by Afterhope prior to receiving the data, unless a different purpose is explicitly required by applicable law;
  • Retaining personal data only as long as necessary to fulfill the stated purposes (e.g. retaining personal data required for the license for the period of the relevant license agreement between you and Afterhope, normally 1 year plus, if applicable, any renewal period, depending on the license terms) and thereafter securely destroying or anonymizing it;
  • Retaining personal data for as long as necessary in order to fulfill legal obligations, comply with laws, resolve disputes, including in cases of litigation, proceedings or investigations;
  • Retaining personal data for as long as necessary in order to fulfill legitimate interests; and
  • Locking (i.e. archiving, securing and exempting the personal data from further processing) any personal data when and for as long as the stated purposes have expired, but where retention is required in order to comply with applicable laws.

Accuracy and quality

  • Ensuring that the personal data processed is accurate, complete, up-to-date (unless there is a legitimate basis for keeping outdated data), adequate and relevant for the purpose of use;
  • Ensuring the reliability of personal data provided from a source other than from users before it is processed;
  • Verifying, through appropriate means, the validity and correctness of the claims made by the user prior to making any changes to the personal data (in order to ensure that the changes are properly authorized), where it is appropriate to do so;
  • Establishing personal data processing procedures to help ensure accuracy and quality; and
  • Establishing control mechanisms to periodically check the accuracy and quality of personal data processing.

Openness, transparency and notice

  • Providing users with clear and easily accessible information about our policies;
  • Establishing procedures and practices with respect to the processing of personal data;
  • Including in notices the fact that personal data is being processed, the purpose for which this is done, the types of privacy stakeholders to whom the personal data might be disclosed and the identity of the entity which determines the above and on how to contact;
  • Disclosing the options and means offered by Afterhope to users for the purposes of limiting the processing of and for accessing, correcting and removing their information;
  • Giving notice to users when major changes in the personal data handling procedures occur.

Individual participation and access

  • Giving users the ability to contact us (by using the contact details provided in the “How to Contact Us”) and review their personal data, provided their identity is first authenticated with an appropriate level of assurance and such access is not prohibited by applicable law;
  • Allowing users (by using the contact details provided in the “How to Contact Us” or by using interface of our Services) to challenge the accuracy and completeness of the personal data and have it amended, corrected or removed as appropriate and possible in the specific context;
  • Providing any amendment, correction or removal to personal data processors and third parties to whom personal data had been disclosed, where they are known; and
  • Establishing procedures to enable users to exercise these rights in a simple, fast and efficient way, which does not entail undue delay or cost.

  • HOW TO CONTACT US

If you have any questions or comments about this Privacy Policy, our privacy practices or if you would like us to update or remove information or preferences you provided to us, please contact our Data Protection Officer at dpo@acaza.app.