iBelieve

Privacy Policy

IMPORTANT NOTICE

By using the iBelieve App you consent to the processing of your personal data (including sensitive data revealing racial or ethnic origin, religious or philosophical beliefs and data concerning your sex life or sexual orientation. If you do not agree with the processing of such data by iBelieve, please do not use the App or provide such data to us.

Who we are.

This Privacy Policy applies to any personal data processed by STX Software SRL located in Str. Dr.Ion Nanu Muscel nr. 17, sector 5, Bucharest - Romania (iBelieve, or us), the data controller (as defined under Article 4(7) GDPR) of all processing activities in connection with the App. Questions, comments and requests regarding this Privacy Policy are welcome and should be addressed here: facetofaith@ibelieveapp.com.

Before starting using our Services, you have to confirm that you have read our Privacy Policy carefully, and to consent to iBelive analyzing the personal data (including sensitive data) you supply in order to use the App.

Information that you provide to us.

We may collect and process personal data that you will be asked to provide when you, register to use the App, use the App, complete any form or survey in the App, and provide any feedback to us.

The information that we may ask you to provide includes, but is not limited to, your name, gender, nationality, age, place of birth, date of birth, current residence, level of education, occupation, lifestyle, religious and philosophical beliefs, racial or ethnic origin, email address, or information related to your gender or religious interests, which may be considered sensitive under the applicable laws.

Information we collect about you.

Although we will not use it to identify you, we may collect the following data during each use of our App:

Usage data: technical information about your device, including device-specific information such as your hardware model, operating system version, unique device identifiers, and mobile network information; date and time of use
Analytics data: your IP address, operating system and browser type; information about which app store you downloaded our App from; length of visits to certain pages, and page interaction information

Our App may contain links to third-party websites. If you follow a link to any of those third-party websites, please note that they have their own privacy policies and that we do not accept any responsibility or liability for their policies or processing of your personal data. Please check these policies before you submit any personal data to such third-party websites.

Which personal data we may collect and process, why and for how long.

When you register a user account:

Types of data: non-optional data such as email address and password, account ID, device ID, date, time and location of registration
Purpose of processing: we use the above data to provide you with a user account and access to our App. It is not possible to access our App if the non-optional data are not provided
Use justification: Contract performance

When you use the App:

Types of data: any (optional) data you choose provide to us when responding to our in-App questionnaire, including nationality, age, place of birth, date of birth, gender, level of education, occupation, lifestyle, religious and philosophical beliefs
Purpose of processing: we use the data above to create and provide you with a tailored experience within the App
Use justification: Consent for the processing of your sensitive data.

Feedback and content you provide to us:

Types of data: feedback and content that you provide to us
Purpose of processing: we use the feedback and any content you may provide us (optional), including via your phone camera, microphone, video and photo gallery to assess your general experience with the app. We may also use the feedback and any content you may provide us in an anonymized form, for statistical and research purposes, and, subject to your express consent, we may use the content you provide to us for the purpose of creating an art installation.
Use justification: Your consent and where applicable our legitimate interest to improve your user experience. Under no circumstances will we use the collected data to determine your identity. You can withdraw your consent at any time by contacting us.

Where do we store your data.

The personal data that we collect from you is stored in the European Union on Cloud Servers of Amazon Web Services EMEA S.A.R.L. (“AWS”) with a business seat in Luxembourg. This data may, however, be processed by sub-processors operating outside of the European Economic Area (“EEA”) based on a data processing agreement, as long as the additional requirements of Article 44 et seq. GDPR for the processing of personal data in third countries are met (e.g. if the sub-processor can provide appropriate safeguards under Article 46 GDPR, such as but not limited to standard data protection clauses, binding corporate rules, approved code of conduct or exceptional circumstances under Article 49 GDPR) and any necessary additional measures based on case-by-case assessments.

How long do we retain your data.

We will hold your personal data for as long as it is necessary or required by law or by any relevant regulatory body, and always in compliance with the data minimization principle. Unless stated otherwise, we process your data for the purposes specified above until you request deletion of your account or when you delete your account. If your account is inactive for more than 6 months, we will delete your account and delete or irreversibly anonymize your data (such that it cannot be associated with a specific natural person). We may further retain your data eg. for the purposes of establishing, exercising, or defending against legal claims and to comply with high quality and safety standards, but we will not process the data for any other purposes.

If your personal data is used for more than one purpose, we will retain it until the purpose with the longest period expires, but we will stop using it for the purpose with the shorter period as soon as the shorter period expires (to comply with the purpose limitation principle). We restrict access to your personal data to the persons who need to use it for the relevant purpose(s), always in compliance with the integrity and confidentiality principle. If the processing of your personal data is no longer necessary for any purpose it is either irreversibly anonymized (and the anonymized data may be retained), or securely erased.

Your data subject’s rights.

Under GDPR you have various rights in relation to your personal data. You can contact us at [add iBelieve contact] for any questions regarding your data. To verify your request, we will take reasonable steps such as asking you to send us a confirmation from the email address associated with your account, so that we can verify that you are the owner of this email account.

Right to withdraw consent: Where the processing of your data relies on your prior consent, you have the right to withdraw such a consent at any time by notifying us here. By withdrawing your consent, the lawfulness of the processing based on consent up until the point of withdrawal will not be affected.
Right to object: you have a right to object where the processing is based on legitimate interests, on grounds relating to your particular situation, at any time, to the processing of your personal data, including profiling based on those provisions. In the event of an objection relating to your particular situation, we will no longer process your personal data, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defense of legal claims. If we process your personal data for statistical purposes, you have the right to object to such processing for reasons arising from your particular situation. In the event of such an objection, we will no longer process the personal data concerned for this purpose.
Right to be informed: you have a right to obtain confirmation from us as to whether we are processing your personal data or not. If so, you also have the right to obtain access to your personal data held by us. This includes information regarding the purposes of the processing, the categories of personal data that are being processed, and the recipients or categories of recipients to whom the personal data have been or will be disclosed.
Right to be forgotten: you have the right to obtain from us the erasure of your personal data and we are obliged to erase your personal data without undue delay when one of the reasons listed in Article 17(1) GDPR applies. You can do this by deleting your account, in the App, at any time. If we have made the personal data public and are obliged to erase it, we are also obliged, taking account of available technology and the cost of implementation, to take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you have requested the erasure by such controllers of any links to, or copy or replication of those personal data
Right to restriction of processing: you have a right to restriction of processing under the conditions provided in Article 18 GDPR. This means that you have the right to obtain from us the restriction of processing if one of the conditions provided in Article 18(1) GDPR applies. This can be the case, for example, if you contest the accuracy of the personal data.
Right to data portability: you have a right to receive your personal data with which you have provided us in a structured, commonly used and machine-readable format, and to transmit those data to another controller without hindrance from us where the processing is based on consent or on a contract. In exercising your right to data portability, you also generally have the right to have your personal data transmitted directly from us to another controller where technically feasible.
Right to Rectification: have the right to receive from us, without undue delay, the rectification of inaccuracies in your personal data and completion of incomplete personal data.
Right to complain: As a data subject, you have a right to lodge a complaint with a supervisory authority. The supervisory authority responsible for us is the Romanian Data Protection Authority, Address: 28-30 G-ral Gheorghe Magheru Bld.; Telephone: +40.318.059.21; E-Mail: anspdcp[at]dataprotection.ro.

Changes to this policy.

Any changes we make to our Privacy Policy in the future will be posted on this page, and where appropriate, notified to you by email, notifications via the App, or by any other available means. We therefore encourage you to review it from time to time to stay informed about the way we are processing your data.