PERSONAL DATA PROCESSING POLICY
1. General Provisions
1.1 The Controller believes that its primary goal and prerequisite for conducting its business is to respect the human and civil rights and freedoms while processing personal data, including the personal and family privacy rights.
2. Policy Terms and Definitions
2.1. TheApplication is the COSMODREAMS AR® mobile application, i.e. the set of graphics and information materials, as well as the software and databases ensuring their accessibility on the Internet at the following address: https://cosmodreams.com/en/ar/;
2.2. Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
2.3. Personal data means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
2.4. User is any user that has downloaded and installed the Application.
3. Personal Data of the User to Be Processed
While using the Application, the Controller may collect and process the following of the User’s personal data:
- First name;
- Email address;
- Usage data that may include IP address of the mobile device, the mobile device operating system, mobile device type and language, location, time, and other anonymized diagnostic data.
4. Processing Purposes
4.1. The purpose of processing the User’s personal data is to make the Application's functions available to the User (legal basis: Art. 6 (1) lit. b) GDPR), to inform the User by sending emails (legal basis: Art. 6 (1) lit. a) and f) GDPR); to enter into, perform, and terminate contracts (legal basis: Art. 6 (1) lit. b) GDPR); and to enable the User’s access to the services, information and/or materials stored on the website (legal basis: Art. 6 (1) lit. b) and f) GDPR).
4.2. The Controller may also process User's personal data to notify the User of new products and services, special offers and various events (legal basis: Art. 6 (1) lit. a) and f) GDPR). The User may at any time unsubscribe from such notifications by sending to the Collector’s email address: firstname.lastname@example.org an email with the subject ‘Unsubscribe from notifications about new products and services and special offers’.
4.3. Anonymised User data collected with web analytics services are intended to gather information about the Users’ activities on the website and improve overall website quality and content (legal basis: Art. 6 (1) lit. f) GDPR).
5. Procedure for Collection, Storage, Transfer, and Other Personal Data Processing Actions
The protection of personal data processed by the Controller shall be ensured by legal, organisational and technical measures required to fully comply with the applicable data protection laws.
5.1. The Controller shall ensure the integrity of personal data and take every possible measure to prevent unauthorised access to personal data.
5.2. The User’s personal data shall in no case and under no circumstances be transferred to third parties, unless otherwise required by applicable legislation.
5.3. In case of any inaccuracies identified in the personal data, the User may update them personally by sending to the Controller’s email address email@example.com a notice with the subject ‘Personal Data Update.’
5.4. The Controller stores User's personal data as long as it is necessary for the fulfilment of Controller's contractual and legal obligations. If the data are no longer required for these obligations, they are regularly deleted, unless their temporary further processing is required for legal reasons. Temporary processing may be necessary, for example, due to tax regulations.
6. Cross-Border Transfer of Personal Data
6.1. Prior to any cross-border transfer of the personal data, the Controller shall make sure that the relevant foreign jurisdiction has in place appropriate measures to efficiently protect the rights of the User.
6.2. Cross-border transfer of personal data to any jurisdictions that do not comply with the above requirements may only be effected upon written consent of the personal data subject to such cross-border transfer of his or her personal data and/or by way of performance of a contract to which the personal data subject is a party.
7.1. The User is entitled to the following rights concerning his or her personal data: Right of access (Art. 15 GDPR), right to rectification (Art. 16 GDPR), right to erasure (Art. 17 GDPR), right to restriction of processing (Art. 18 GDPR), right to data portability (Art. 20 GDPR), right to object (Art. 21 GDPR). Furthermore, Users are entitled to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR). In addition, Users can revoke any potentially given consent to the processing of personal data at any time with effect for the future. The User may request clarifications with regard to any issues related to the processing of his or her personal data or assert his or her rights by sending a relevant enquiry to the Controller’s email address firstname.lastname@example.org.
8. Final provisions
8.1. The User can receive any clarifications on issues of interest concerning the processing of their personal data by contacting the Controller by sending to the Controller’s email address email@example.com.
8.2. The Controller may also use the information that is on the Apple TrueDepth camera for FaceTracking masks. The information that is on the Apple TrueDepth camera is used in real time, the Controller does not store it on its servers and does not transfer it to the third parties.