LAST UPDATED AND EFFECTIVE: May 12th 2021
When you use these Services, you’ll share some information with us. So, we want to be upfront about the information we collect, how we use it, and the controls we give you to access, update, and delete your information.
Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it. By visiting www.yeomessaging.com (the Site) or using YEO Messaging Limited’s mobile application (the App) or using any services offered through or associated with our Services or App (the Services), you are deemed to have accepted and consented to the practices described in this policy.
ABOUT THIS POLICY
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data). This policy sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed, stored and disclosed by us.
This policy explains:
- what personal data we collect about you in the course of your use of our Services, why we collect it, who it goes to and how long we keep it
- how we use your personal data
- how we protect your personal data
- your legal rights in respect of your personal data, including how to access and update the information we hold about you.
For the purposes of applicable data protection laws, YEO Messaging Limited (trading as “YEO Messaging” or “YEO”) is a Data Processor once clients use the YEO Messaging platform. This means we are the primary entity that decides the purposes and means for dealing with your personal data.
- Our company number is 10785061.
- Our registered address is Speedwell Mill Old Coach Road, Tansley, Matlock, Derbyshire, England, DE4 5FY.
- Our Appointed Data Protection Officer (“DPO”), who is responsible for matters relating to privacy and data protection, and can be reached at email@example.com
Please note that some of the provisions here will only apply if you are based in the EU.
2. WHAT INFORMATION DO WE COLLECT ABOUT YOU?
We need to receive or collect some information to operate, provide, improve, understand, customise, support, and market our Services, including when you install, access, or use our Services. This includes:
From User Registration and during use of the App.
From User registration, we store the following on our servers in an encrypted format database and while at rest (not being used).
- First and Last Name as registered.
- Email Address
- Country Code where first registered
- Language Used
- Phone Number
- User Avatar
- Biometric identification string / face data
Please note that the biometric string/face data is merely a reference for landing points on the face and cannot be used on alternative systems to identify the user.
Other Information we maintain on our servers for internal statistical use.
- a record of each user’s number of contacts,
- who they are and how many they have in their YEO directory.
- We collect statistics on the number of messages sent and received.
Why? This enables us to better manage communication and optimise services for the application.
At no time are we able to decrypt and view any message, message data, content, attachments or Subject matter of any message sent or received. What you send, you control, it remains private at all times in an encrypted format.
3. INFORMATION WE HOLD ON YOUR DEVICE DURING THE USE OF THE APPLICATION.
Within the application on your mobile device and during use of the application information is stored in the iOS Keychain this includes:-
- Email address
- phone number,
- users connected with
- and images
This information is encrypted at all times and requires positive identification of the user to be viewed. The information is not available to YEO Messaging and remains under the custody of the user at all times. When the user requests to view this information through the application, the data is moved to the device cache memory and displayed only when positive Face identification is made.
4. INFORMATION WE REQUEST AND RETRIEVE WITH YOUR PERMISSION WHEN YOU REPORT AN ISSUE
From time to time upon user reporting an issue within the application our developer team will request access to “user logs” this is a string of information that pertains to the actions you have taken on the application, not to data you have sent. This information can only be accessed with your explicit consent and is not automatically gathered. The information includes:-
- Internet protocol (IP) address
- your login information, browser type and version,
- time zone setting,
- network data,
- browser plug-in types and versions
- operating system and platform
This data will be used to remedy any problems and not be used for any other reason.
Other Personal information you give us
- Information you provide when you submit queries or request customer services from us in relation to the Services, including copies of your messages, communications with us and your profile details
- Your email address if you sign up to receive marketing updates from our Website
We explicitly do not store, have access to or monitor.
- Any other personal information that is included in the messages and content you share with other YEO users through the App, including your chats, photos, videos and files. Information regarding your contacts and how you communicate with others, such as the profiles of people in our YEO contacts list and the names, profiles and members of any groups you have created or joined.
5. WHAT FACE DATA DO WE COLLECT, WHY AND HOW IS IT STORED
- User Avatar (Profile image)
- Biometric identification string (face data)
The user is asked to register their facial biometric during account creation. We collect the face data for facial recognition which is used to continuously authenticate the user during the app messaging functionality. There is no other planned uses for this data. We do not have any facial manipulation features.
Please note that the biometric string/face data is merely a reference for landing points on the face and cannot be used on alternative systems to identify the user.
The biometric data is stored both on the users’ phones and on our secure servers for backup and recovery purposes. On both the phone and our servers all appropriate security measures have been implemented to protect the data from unauthorised access.
This data is not shared with any third party.
The biometric facial recognition software used within YEO Messaging can not be used on other applications or on the device.
6. PERSONAL INFORMATION WE AUTOMATICALLY COLLECT WHEN YOU VIEW OUR WEBSITE
- information about your visit,
- full Uniform Resource Locators (URL) clickstream,
- through and from the Services (including date and time);
- pages you viewed or searched for;
- page response times,
- download errors,
- length of visits to certain pages,
- page interaction information (such as scrolling, clicks, and mouse-overs), and
- methods used to browse away from the page and
- any phone number used to call our customer service number.
7. HOW WE USE DATA Gathered from the Website
8. OTHER DATA COLLECTED
Personal information we receive from other sources
- Information we receive about you from other YEO users, e.g. to add you as a contact, send you a message or to raise a query or complaint about your account.
- Information provided by third-party service providers to provide the Services, e.g. the app stores who may provide us reports to help diagnose and fix services issues.
- Information provided by third party services used in connection with the Services, e.g. if you invite users to join you on YEO via an SMS or email. Please note that third-party services or plug-ins to the Services will be governed by their own terms and privacy. We also receive data from other third party services such as Google Analytics to track and report website traffic, Mailchimp for automated email marketing purposes, G Suite to monitor activity and app usage. For more information on how these companies handle your personal data, please refer to their privacy policies.
We will let you know at the point of collecting your information whether this is optional, or whether it is necessary for you to provide this information to meet certain statutory or contractual requirements. If the latter and you do not wish to provide us with this information, this may limit the services we are able to provide you.
You will be responsible for the accuracy of any personal data you provide us. If the data we hold about you is inaccurate in any way, please contact our Support Team firstname.lastname@example.org to have your personal information corrected.
Why do we collect your information and on what grounds?
We will only use your personal data if we have a permitted lawful basis to do so. We collect your personal data because:
- it is necessary for performing our contract for the Services with you
- it is necessary for the pursuit of our legitimate interests (as set out below)?
- it is necessary for complying with our legal obligations?
- you have explicitly consented to our doing so.
You have the right to withdraw your consent to these activities at any time, which will mean (unless another lawful basis applies to your data) that we will cease to process the affected data after consent is withdrawn. However, please note this may result in us being unable to provide you with certain features of the Services.
9. WHY DO WE COLLECT YOUR INFORMATION?
We’re required to ask for your explicit consent for certain information, including:
- The biometric data we collect to enable the facial recognition requirements of our Services
- The contact information we collect to send you contractually, marketing updates, promotions, news and offers.
- Profile Picture (Photo) we collect to ensure that those you connect with can clearly identify you along with your mobile phone number and email address. Proof of identity is critical to ensure your safety and protect you from identity fraud, phishing, and other imposters, criminal or nefarious activity.
We will not send you any unsolicited marketing or spam and will take all reasonable steps to ensure that we fully protect your rights and comply with our obligations under applicable data protection laws. If you are an existing customer, we will only contact you by electronic means (e-mail or SMS) with information about services similar to those which were the subject of a previous enquiry by you. If you are a new customer, and where we permit selected third parties to use your data, we (or they) will contact you by electronic means only if you have expressly consented to this.
You can ask us or third parties to stop sending you marketing messages at any time by logging into the Services and App and/or checking or unchecking relevant boxes to adjust your marketing preferences or by following the opt-out links on any marketing message sent to you or by contacting us at any time. If you do not want us to use your data in this way, or to pass your details on to third parties for marketing purposes, please notify us in writing or by email at email@example.com
To perform our contract for the provision of the Services with you
- To operate and provide our Services, including to set up your profile, process your communications with other users of the Services, provide customer care support and provide you with information, products or other services you request from us.
- We collect and use information you allow us to receive through your device-based settings when you enable them (e.g. access to your GPS location, camera, photos, contacts list, finger ID) so we can provide the features and services described when you enable the settings.
For our legitimate interests
- For market research and analytical purposes, e.g. to improve our understanding of users’ usage of the Services.
- Improving, troubleshooting, customising, testing and developing new features for our Services.
- For verifying accounts and activity to promote the safety and security of our Services, including by investigating suspicious activity or violations of our Terms, and taking legal action against third parties who have committed criminal acts or are in breach of their legal obligations to YEO.
- For promoting, marketing and advertising our Services.
- Making important service communications about the Services (e.g. alerting you to changes in our terms of service).
- To handle any legal claims or regulatory enforcement actions taken against us.
To comply with our legal obligations
- To prevent, investigate and detect crime, fraud or anti-social behaviour and prosecute offenders, including by working with law enforcement agencies.
- To comply with our legal and regulatory obligations (including under applicable data protection laws).
10. WHO DO WE SHARE YOUR INFORMATION WITH?
Parties with whom we share your content
We do not sell or commercialise your personal data. However, you share your information as you use and communicate through our Services, and we share your information to help us operate, provide, improve, understand, customise, support, and market our Services. We require all third parties to respect the security of your personal data and to treat it in accordance with the law. This means we may share your information with the following third parties:
- Other users of the Services, including your chosen recipients of messages sent through the Services and those who may search your name to send you a contact request. Although it is possible to opt-out through the settings menu on the app and then your profile will not be seen as a registered user by users who have your mobile device number in their contact directory.
- Our third-party service providers where necessary to provide the Services, including Apple Inc and Google LLC in connection with their hosting of the App on the app stores. We also use Google Analytics to track and report website traffic, MailChimp for automated email marketing purposes and G Suite to monitor activity and app usage.
- Third parties we use may be required to disclose such personal data to in order to comply with our legal obligations or enforce our legal rights, e.g. any relevant authority or enforcement body and fraud protection agencies.
11. HOW WE SECURE YOUR DATA
All of your personal information is protected and we have put in place appropriate physical, electronic, and management procedures to safeguard and secure the data we collect to prevent accidental loss, unauthorised use, access, altering or disclosure.
Access to your information is only accessible by employees who have authorised access rights to such information and on a need to know basis.
All messages are sent and received using encryption technology, which protects against us and any third parties from reading them and can only be decrypted through positive facial recognition of your profile on the phone.
Once we have received your information, we use strict procedures and the security features described above to prevent unauthorised access.
We have procedures to deal with any suspected personal information breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
12. HOW LONG DO WE KEEP YOUR PERSONAL DATA?
We keep your data for as long as necessary to meet the relevant purposes for which we’ve collected your data. Generally, this will be until it is no longer necessary to use that data to provide our Services, meet any legal or reporting requirements or until your account is deleted, whichever is earlier.
To determine the appropriate length of time for holding your data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm, from unauthorized use or disclosure of your personal data, the purpose for which we process your data and whether we can achieve those purposes through other means, along with the applicable legal requirements.
You can delete your YEO account at any time by clicking “Delete My Account” on your profile or by making a specific request to have your information deleted to firstname.lastname@example.org. This will delete all your stored data and messages.
13. WILL YOUR DATA BE SENT ABROAD?
Our main data servers are located in the UK, Europe and the USA. We are committed to maintaining GDPR compliance and therefore will only permanently store personal details from EEA residents on European Servers with all US users’ data being held on our US servers. Occasionally we may need to transfer your personal information to other countries outside of the European Economic Area (including the United States) in order to provide you with the Services, which are not subject to equivalent data protection standards. Where this is the case, we will ensure that these are made subject to appropriate safeguards as required by applicable data protection laws, to ensure that a similar degree of protection is afforded to your personal data. These will include the use of EU Commission approved standard contractual clauses, making transfers to countries deemed to provide an adequate level of protection for personal data by the European Commission, or transferring data to recipients certified under the Privacy Shield regime. You can obtain further information about the safeguards in place for your international transfers of personal data by contacting us at email@example.com.
14. YOUR RIGHTS IN RESPECT OF YOUR PERSONAL DATA
Under the GDPR, you have rights under data protection laws in relation to the personal data we hold about you. You can request to:
- Withdraw your consent to the processing of your personal data at any time. Please note, however, that we may still be entitled to process your personal data if we have another legitimate reason for doing so (such as to comply with a legal obligation).
- Be informed of what data we hold and the purpose for processing the data, as a whole or in parts.
- Be forgotten and, in some circumstances, have your data erased by ourselves and our affiliates (although this is not an absolute right and there may be circumstances where you ask us to erase your personal data but we are legally entitled to retain it).
- Correct or supplement any information we hold about you that is incorrect or incomplete.
- Restrict the processing of the information we hold about you (for example, so that inaccuracies may be corrected—but again, there may be circumstances where you ask us to restrict processing of your personal data but we are legally entitled to refuse that request).
- Object to the processing of your data.
- Obtain your data in a portable manner and reuse the information we hold about you.
- Challenge any data we use for the purposes of automated decision-making and profiling (in certain circumstances—as above, there may be circumstances where you ask us to restrict our processing of your personal data but we are legally entitled to refuse that request).
- Complain to a supervisory authority (e.g. the Information Commissioner’s Office (ICO) in the UK) if you think any of your rights have been infringed by us. (We would, however, appreciate the chance to address your concerns, so please contact us prior to taking this step).
You can make all such requests via email to firstname.lastname@example.org.
We will endeavour to respond to your requests within one month and free of charge.
Please note that in respect of all these rights, we reserve the right to:
refuse your request based on the exemptions set out in the applicable data protection laws.
request for proof of your ID to process the request or request further information
charge you a reasonable administrative fee for any repetitive, manifestly unfounded or excessive requests
If we refuse your request to exercise these rights, we will give reasons for our refusal and allow you to challenge our decision.
You have the right to ask us not to process your personal data for marketing purposes. We will get your express opt-in consent before we use your data for such purposes or share your personal data with any third parties for such purposes, but you can exercise your right to prevent such processing by contacting us at the Company Address, via email at email@example.com, or by unsubscribing using the links contained in the marketing emails.
If you have any concerns about how we handle your data, please contact us. If you are not satisfied after we’ve tried to resolve your issue, you’ll be entitled to lodge a complaint with our regulator, the Information Commissioner’s Office in the UK. We will notify you and any applicable regulator of a breach of your personal data when we are legally allowed to do so.
15. COOKIES AND OTHER TECHNOLOGIES
In common with many websites and apps, we use “cookies” to help us understand, secure, operate, and provide our Services.
You can delete cookies at any time or you can set your browser to reject or disable cookies or do this by changing your device settings, however, if you do this certain aspects of our Services may not function properly. Before any non-essential cookies are placed on your device, you will be shown a pop-up message requesting your consent to set those cookies. By default, most internet browsers accept cookies, but you can choose to enable or disable some or all cookies via the settings on your internet browser. Most internet browsers also enable you to choose whether you wish to disable all cookies or only third-party cookies. You can obtain information about how to manage cookies by clicking “help” on your browser’s menu, visiting www.aboutcookies.org or the FAQ pages of your device manufacturer.
We primarily use information from cookies for the following purposes:
- Traffic monitoring, e.g., the IP address from which you access the site, the type of browser and operating system used to access the site, the date and time of your access to the site, the pages you visit, and the Internet address of the website from which you accessed the site.
- To provide the Services for web and desktop and other Services that are web-based, improve your experiences, understand how our Services are being used, and customise our Services
- To recognise repeat visitors for statistical/analytical purposes.
- To understand which of our FAQs are most popular and to show you relevant content related to our Services
- To remember your choices, such as your language preferences, and otherwise to customise our Services for you
- To rank the FAQs on our website based on popularity, understand mobile versus desktop users of our web-based Services, or understand the popularity and effectiveness of certain of our web pages
16. THIRD-PARTY LINKS CONNECTED TO THE SERVICES
The YEO app, website and Services may, from time to time, contain links to and from the websites, apps or other services of our partners, service providers or social media pages. If you follow a link to any of these external websites or apps, please note that websites have their own privacy policies and that we are not in control of, and do not accept any responsibility or liability for these policies or any third party websites or apps connected from these Services. Please check these policies before you submit any personal information through these websites or apps.
ACCORDING TO CALIFORNIA ONLINE PRIVACY ACT (CALOPPA), WE AGREE TO THE FOLLOWING:
- Users can visit our site anonymously.
You can change your personal information through your profile in our App or by emailing us.
We honour Do Not Track signals and Do Not Track, plant cookies, or use advertising when a Do Not Track (DNT) browser mechanism is in place.
18. CHANGES TO THIS POLICY
You will be deemed to have accepted the terms of the updated Privacy & Cookie Policies on your first use of the Services or App following the alterations. Please check back frequently to see any updates or changes to our Privacy & Cookie Policies.
If you have any queries relating to this privacy notice (including any requests to exercise your legal rights in respect of your data), you can contact us at firstname.lastname@example.org or our DPO Luca Rognoni email@example.com
YEO Messaging Limited
C/O The Office Group,
1 Lyric Square
London, W6 0NB
(Registration no. 10785061)