LAST UPDATED AND EFFECTIVE : DECEMBER 17th, 2018
When you use these Services, you’ll share some information with us. So, we want to be upfront about the information we collect, how we use it, and the controls we give you to access, update, and delete your information.
Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it. By visiting www.youreyeonly.com (the Site) or using Alternative Ideas’ mobile application (the App) or using any services offered through or associated with our Services or App (the Services), you are deemed to have accepted and consented to the practices described in this policy.
Please also read the YEO end user license agreement at www.youreyeonly.com/terms-of-use (“Terms“), which describes the terms under which you use our Services.
ABOUT THIS POLICY
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data). This policy sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed, stored and disclosed by us.
This policy explains:
- what personal data we collect about you in the course of your use of our Services, why we collect it, who it goes to and how long we keep it
- how we use your personal data
- how we protect your personal data
- your legal rights in respect of your personal data, including how to access and update the information we hold about you.
For the purposes of applicable data protection laws, Alternative Ideas Limited (trading as “Your Eye Only” or “YEO”) is the controller of your data. This means we are the primary entity who decides the purposes and means for dealing with your personal data.
- Our company number is 10785061.
- Our registered address is Low Grounds Farm, Harleyford Lane, Marlow, England, SL7 2DU (with Trading Address of The Office Group, 12 Melcombe Place, Marylebone, London, NW1 6JJ).
- Our Data Protection Officer (“DPO”), who is responsible for matters relating to privacy and data protection, is Philip and he can be reached at email@example.com.
Please note that some of the provisions here will only apply if you are based in the EU.
WHAT INFORMATION DO WE COLLECT ABOUT YOU?
We need to receive or collect some information to operate, provide, improve, understand, customize, support, and market our Services, including when you install, access, or use our Services. This includes:
Personal information you give us
- Information required to set up your profile to create a YEO account and manage our provision of the Services to you, name, mobile telephone number, email and photos (for both your profile picture and setting up your profile through our face recognition technology).
- Any other personal information included in the messages and content you share with other YEO users through the App, including your chats, photos, videos and files. Information regarding your contacts and how you communicate with others, such as the profiles of people in our YEO contacts list and the names, profiles and members of any groups you have created or joined.
- Payment details required to process your Services subscriptions.
- Information you provide when you submit queries or request customer services from us in relation to the Services, including copies of your messages, communications with us and your profile details.
- Your email address if you sign up to receive marketing updates from our Website.
- Biometric data, spatial data (location data) and behavioural data.
Personal information we automatically collect
- Various technical information we automatically collect from your device depending on your chosen use of our Services including the Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, location, network data, browser plug-in types and versions, languages, operating system and platform;
- information about your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from the Services (including date and time); pages you viewed or searched for; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page and any phone number used to call our customer service number.
We also collect some device and connection-specific information when you install, access, or use our Services. This includes information like hardware model, operating system information, battery level, signal strength, app version, mobile operator or ISP, language and time zone, device operations information, and device identifiers.
We use this information as statistical data about your browsing actions and patterns, for system administration, and to evaluate, provide, protect or improve our Services (including by developing new products and services). Because we collect, use and share this information in the aggregate, it does not identify any individual.
Personal information we receive from other sources
- Information we receive about you from other YEO users, e.g. to add you as a contact, send you a message or to raise a query or complaint about your account.
- Information provided by third party service providers to provide the Services, e.g. the app stores who may provide us reports to help diagnose and fix services issues, process subscription payments on our behalf, or to discuss a refund request you have made through them.
- Information provided by third party services used in connection with the Services, e.g. if you use the Facebook or Twitter share button to invite your social media contacts to join YEO, we will receive information about your social media profiles. Please note that third-party services or plug-ins to the Services will be governed by their own terms and privacy. We also receive data from other third party services such as Google Analytics to track and report website traffic, Mailchimp for automated email marketing purposes, G Suite to monitor activity and app usage and Luxand for facial recognition services. For more information on how these companies handle your personal data, please refer to their privacy policies.
We will let you know at the point of collecting your information whether this is optional, or whether it is necessary for you to provide this information to meet certain statutory or contractual requirements. If the latter and you do not wish to provide us with this information, this may limit the services we are able to provide you.
You will be responsible for the accuracy of any personal data you provide us. If the data we hold about you is inaccurate in any way, please contact us to have your personal information corrected.
Why do we collect your information and on what grounds?
We will only use your personal data if we have a permitted lawful basis to do so. Generally we collect your personal data because:
- you have explicitly consented to our doing so.
- is it necessary for performing our contract for the Services with you.
- is it necessary for the pursuit of our legitimate interests (as set out below).
- is it necessary for complying with our legal obligations.
You have the right to withdraw your consent to these activities at any time, which will mean (unless another lawful basis applies to your data) that we will cease to process the affected data after consent is withdrawn. However, please note this may result in us being unable to provide you with certain features of the Services.
WHY DO WE COLLECT YOUR INFORMATION?
We have your explicit consent to do so.
We’re required to ask for your explicit consent for certain information, including:
- The biometric data we collect to enable the facial recognition requirements of our Services
- Contact information we collect to send you marketing updates, promotions, news and offers.
- Profile Picture (Photo) we collect to ensure that those you connect with can clearly identify you along with your mobile phone number and email address.
We will not send you any unsolicited marketing or spam and will take all reasonable steps to ensure that we fully protect your rights and comply with our obligations under applicable data protection laws. If you are an existing customer, we will only contact you by electronic means (e-mail or SMS) with information about services similar to those which were the subject of a previous enquiry by you. If you are a new customer, and where we permit selected third parties to use your data, we (or they) will contact you by electronic means only if you have expressly consented to this.
You can ask us or third parties to stop sending you marketing messages at any time by logging into the Services and App and/or checking or unchecking relevant boxes to adjust your marketing preferences or by following the opt-out links on any marketing message sent to you or by contacting us at any time. If you do not want us to use your data in this way, or to pass your details on to third parties for marketing purposes, please notify us in writing or by email at firstname.lastname@example.org.
To perform our contract for provision of the Services with you
- To operate and provide our Services, including to set up your profile, process your communications with other users of the Services, provide customer care support, manage payments for your subscriptions and to provide you with information, products or other services you request from us.
- We collect and use information you allow us to receive through your device-based settings when you enable them (e.g. access to your GPS location, camera, photos, contacts list, finger ID) so we can provide the features and services described when you enable the settings.
For our legitimate interests
- For market research and analytical purposes, e.g. to improve our understanding of users’ usage of the Services.
- Improving, troubleshooting, customizing, testing and developing new features for our Services.
- For verifying accounts and activity to promote the safety and security of our Services, including by investigating suspicious activity or violations or our Terms, and taking legal action against third parties who have committed criminal acts or are in breach of their legal obligations to YEO.
- For promoting, marketing and advertising our Services.
- Making important service communications about the Services (e.g. alerting you to changes in our terms of service).
- To handle any legal claims or regulatory enforcement actions taken against us.
To comply with our legal obligations
- To prevent, investigate and detect crime, fraud or anti-social behavior and prosecute offenders, including by working with law enforcement agencies.
- To comply with our legal and regulatory obligations (including under applicable data protection laws).
HOW WE SECURE YOUR DATA
All of your personal information is protected and we have put in place appropriate physical, electronic, and management procedures to safeguard and secure the data we collect. Your information is stored on secure cloud databases, internal servers, and on third party softwares. Your personal information is protected by using security measures such as encryptions and AWS firewall. Your information is only accessible by employees who have authorised access rights to such information. All of your payment information is encrypted using SSL technology.
To provide maximum security for your messages, your conversations and content will only be stored on our cloud servers and never on the recipient’s device. All messages are sent and received through double ratchet end-to-end encryption technology, which means that your messages are encrypted to protect against us and third parties from reading them and can only be decrypted through positive facial recognition of your profile.
Unfortunately, the transmission of information via the internet is not completely secure. Although we do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our Services or App; any transmission is at your own risk. Once we have received your information, we use strict procedures and the security features described above to try to prevent unauthorised access.
WHO DO WE SHARE YOUR INFORMATION WITH?
parties with whom we share your content
We do not sell, store or commercialize your personal data. However, you share your information as you use and communicate through our Services, and we share your information to help us operate, provide, improve, understand, customize, support, and market our Services. We require all third parties to respect the security of your personal data and to treat it in accordance with the law. This means we may share your information with the following third parties:
- Other users of the Services, including your chosen recipients of messages sent through the Services and those who may search your name to send you a contact request.
- Our third party service providers where necessary to provide the Services, including Apple Inc and Google LLC in connection with their hosting of the App on the app stores. We also use Google Analytics to track and report website traffic, MailChimp for automated email marketing purposes and G Suite to monitor activity and app usage. We use AWS for cloud storage services and Luxand for facial recognition services and associated payment services.
- Any potential or actual third party buyer of our business and/or assets in the event that we sell, trade or licence ownership of any part of the YEO business or assets (including management of the app and our website).
- Third parties we may be required to disclose such personal data to in order to comply with our legal obligations or enforce our legal rights, e.g. any relevant authority or enforcement body and fraud protection agencies.
HOW LONG DO WE KEEP YOUR PERSONAL DATA?
We keep your data for as long as necessary to meet the relevant purposes for which we’ve collected your data. Generally this will be until it is no longer necessary to use that data to provide our Services, meet any legal, accounting or reporting requirements or until your account is deleted, whichever is earlier.
To determine the appropriate length of time for holding your data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm, from unauthorized use or disclosure of your personal data, the purpose for which we process your data and whether we can achieve those purposes through other means, along with the applicable legal requirements.
You can delete your YEO account at any time by clicking “Delete My Account” on your profile. This will delete all your stored data and messages. Please note that if you only delete our app from your device rather than through this in-app feature, your information may be stored with us for a longer period. Deleting your account also does not affect the information other users have relating to you, such as their copy of the messages you sent them. Please note that your subscription will need to be cancelled manually through your phone or app store settings.
You can also change or limit your information by changing your settings within the YEO app to manage your contacts, groups, edit your profile picture and name, or delete users from your contacts list or messages.
WILL YOUR DATA BE SENT ABROAD?
Our main data servers are located in the UK, and the USA. We are committed to maintaining GDPR compliance and therefore will only permanently store personal details from EEA residents on European Servers with all US users’ data being held on our US servers. Occasionally we may need to transfer your personal information to other countries outside of the European Economic Area (including the United States) in order to provide you with the Services, which are not subject to equivalent data protection standards. Where this is the case, we will ensure that these are made subject to appropriate safeguards as required by applicable data protection laws, to ensure that a similar degree of protection is afforded to your personal data. These will include the use of EU Commission approved standard contractual clauses, making transfers to countries deemed to provide an adequate level of protection for personal data by the European Commission, or transferring data to recipients certified under the Privacy Shield regime. You can obtain further information about the safeguards in place for your international transfers of personal data by contacting us.
YOUR RIGHTS IN RESPECT OF YOUR PERSONAL DATA
Under the GDPR, you have rights under data protection laws in relation to the personal data we hold about you. You can request to:
- Withdraw your consent to the processing of your personal data at any time. Please note, however, that we may still be entitled to process your personal data if we have another legitimate reason for doing so (such as to comply with a legal obligation).
- Be informed of what data we hold and the purpose for processing the data, as a whole or in parts.
- Be forgotten and, in some circumstances, have your data erased by ourselves and our affiliates (although this is not an absolute right and there may be circumstances where you ask us to erase your personal data but we are legally entitled to retain it).
- Correct or supplement any information we hold about you that is incorrect or incomplete.
- Restrict processing of the information we hold about you (for example, so that inaccuracies may be corrected—but again, there may be circumstances where you ask us to restrict processing of your personal data but we are legally entitled to refuse that request).
- Object to the processing of your data.
- Obtain your data in a portable manner and reuse the information we hold about you.
- Challenge any data we use for the purposes of automated decision-making and profiling (in certain circumstances—as above, there may be circumstances where you ask us to restrict our processing of your personal data but we are legally entitled to refuse that request).
- Complain to a supervisory authority (e.g. the Information Commissioner’s Office (ICO) in the UK) if you think any of your rights have been infringed by us. (We would, however, appreciate the chance to address your concerns, so please contact us prior to taking this step).
You can make all such requests via email to email@example.com.
We will endeavor to respond to your requests within one month and free of charge.
Please note that in respect of all these rights, we reserve the right to:
- refuse your request based on the exemptions set out in the applicable data protection laws.
- request for proof of your ID to process the request or request further information
- charge you a reasonable administrative fee for any repetitive, manifestly unfounded or excessive requests
If we refuse your request to exercise these rights, we will give reasons for our refusal and allow you to challenge our decision.
You have the right to ask us not to process your personal data for marketing purposes. We will get your express opt-in consent before we use your data for such purposes or share your personal data with any third parties for such purposes, but you can exercise your right to prevent such processing by contacting us at the Company Address, via email at firstname.lastname@example.org, or by unsubscribing using the links contained in the marketing emails.
If you have any concerns about how we handle your data, please contact us. If you are not satisfied after we’ve tried to resolve your issue, you’ll be entitled to lodge a complaint with our regulator, the Information Commissioner’s Office in the UK.
We will notify you and any applicable regulator of a breach of your personal data when we are legally allowed to do so.
COOKIES AND OTHER TECHNOLOGIES
In common with many websites and apps, we use “cookies” to help us understand, secure, operate, and provide our Services.
You can delete cookies at any time or you can set your browser to reject or disable cookies or do this by changing your device settings, however if you do this certain aspects of our Services may not function properly. Before any non-essential cookies are placed on your device, you will be shown a pop-up message requesting your consent to setting those cookies. By default, most internet browsers accept cookies, but you can choose to enable or disable some or all cookies via the settings on your internet browser. Most internet browsers also enable you to choose whether you wish to disable all cookies or only third party cookies. You can obtain information about how to manage cookies by clicking “help” on your browser’s menu, visiting www.aboutcookies.org or the FAQ pages of your device manufacturer.
We primarily use information from cookies for the following purposes:
- Traffic monitoring, e.g., the IP address from which you access the site, the type of browser and operating system used to access the site, the date and time of your access to the site, the pages you visit, and the Internet address of the website from which you accessed the site.
- To provide the Services for web and desktop and other Services that are web-based, improve your experiences, understand how our Services are being used, and customise our Services
- To recognize repeat visitors for statistical/analytical purposes.
- To understand which of our FAQs are most popular and to show you relevant content related to our Services
- To remember your choices, such as your language preferences, and otherwise to customize our Services for you
- To rank the FAQs on our website based on popularity, understand mobile versus desktop users of our web-based Services, or understand popularity and effectiveness of certain of our web pages
THIRD PARTY LINKS CONNECTED TO THE SERVICES
The YEO app, website and the Services may, from time to time, contain links to and from the websites, apps or other services of our partners, service providers or social media pages. If you follow a link to any of these external websites or apps, please note that websites have their own privacy policies and that we are not in control of, and do not accept any responsibility or liability for these policies or any third party websites or apps connected from these Services. Please check these policies before you submit any personal information through these websites or apps.
ACCORDING TO CALOPPA, WE AGREE TO THE FOLLOWING:
Users can visit our site anonymously.
You can change your personal information through your profile in our App or by emailing us.
We honor Do Not Track signals and Do Not Track, plant cookies, or use advertising when a Do Not Track (DNT) browser mechanism is in place.
CHANGES TO THIS POLICY
You will be deemed to have accepted the terms of the updated Privacy & Cookie Policies on your first use of the Services or App following the alterations. Please check back frequently to see any updates or changes to our Privacy & Cookie Policies.
If you have any queries relating to this privacy notice (including any requests to exercise your legal rights in respect of your data), you can contact us at email@example.com.
Alternative Ideas Limited
C/O The Office Group,
12 Melcombe Place,
London, NW1 6JJ
(Registration no. 10785061)