Collart - Privacy Policy

Last updated: Mar 20th, 2024

Welcome to Collart!

1. Introduction

Collart (hereinafter referred to as “Collart”, “we” or “us”) takes your privacy very seriously, and we are committed to protecting and respecting your privacy. That value powers all of the decisions we make, including how we collect, use, share, store and respect your personal data. Please read this Privacy Policy carefully so that you can make appropriate decisions on an informed and freely given basis.

2. Scope

This Privacy Policy applies to users of our services anywhere in the world, including users of our applications, official websites or other services (“the Service”), unless covered by a separate privacy policy or additional terms of this policy. It is important that you read this Privacy Policy with any other privacy policy or fair processing policy we may provide on specific occasions, so that you are fully aware of when, why and how we collect and process your personal data. This Privacy Policy supplements other notices and privacy policies and is not intended to override them.

By using our Apps or accepting our services, including without limitation accessing our applications, you acknowledge the terms of this Privacy Policy. If you object to anything described in this Privacy Policy, please do not use our websites or our Apps.

We may amend this Privacy Policy from time to time, and we will notify you about such changes by posting the amended version on our websites or applications. Please check back periodically to ensure that you are aware of any changes, and your continued use of our services will be deemed your acceptance of these changes.

Unless otherwise prescribed in the Privacy Policy, the terms in the Privacy Policy shall have the same implications with the terms in the Terms of Service.

PLEASE NOTE THAT, this Privacy Policy does not apply to the following cases:

• Any information or personal data collected by any third-party services, products, applications, websites and/or platforms, such as Instagram, regardless of whether they are accessible through our applications and/or websites; or
• Any information or personal data collected by other companies or institutions that provide advertising services through our applications and/or websites.
  

In such circumstances, you should refer directly to privacy policies for the relevant third party.

3. Data Controller and Data Processor

Collart is both the data controller and data processor, who determines the purposes and methods of the data processing with respect to your personal data collected by us, and is responsible for the data processing with respect to your use of our services. You can contact us in the following ways: Email address: DPO@collart.app

4. Personal Data We Collect

Personal data, or personal information, means any information that identifies (whether directly or indirectly) a particular natural person, such as the name, email address, phone number, identification number, location data, or an online identifier, etc. It does not include data where the identity has been removed (anonymous data).

We may collect your personal data as follows:

• Contact Details. If you contact us and provide us with your personal information, we may collect such name and email address for responding product feedback, complaints, bug reports, or any other service-related questions;
• Transaction Records. We provide in-app purchases to our users, and such purchases will be made through Apple Store or other third-party service providers. To provide you with the corresponding products, we may receive transaction records from third-party service providers, but you cannot be identified from those transaction records；
• Technical Information. WE WILL NOT collect technical information about the device(s) and/or browsers (including without limitation your IP address, browsing type, mobile model, operating systems, network type and other browser settings/preference) you may use. However, we may use such pseudonymization technical information provided by Google Analytics (to know how Google Analytics collects and processes your personal data when you use any websites and/or applications that have established a partnership with Google, please refer to this link: https://policies.google.com/privacy/google-partners?hl=en-US；
• Data Related to The Service. We collect abstracted data related to your use of our applications. This includes your country and your internet service provider. You cannot be identified from those abstracted data；

WE DO NOT and will never collect your personal information without notifying you and obtaining your permission.

Children Under 16
WE DO NOT knowingly collect or store any personally identifiable information from children under 16. If parents believe that we have unintentionally collected their childrens’ personal information, please contact us to delay the information via appropriate means as set forth in the “Contact Us” Section of this Privacy Policy.

If You Fail to Provide Personal Data
If you fail to provide the personal data as requested where we need to collect such personal data by law, under the terms of a contract we have with you, to enter into a contract with you, or to provide you with the services, we may not be able to perform the contract we have or are trying to enter into with you, or to provide you with, in part or in a whole, certain features or the services that you request.

5. How We Use Your Personal Data

We will use the personal data we collect about you in accordance with the laws of applicable jurisdictions in the following ways:

• To enter into and to perform our contract with you, or to perform any steps you require from us before entering into a contract with you;
• To communicate with you, including but not limited to responding to your request for any help with our services or for exercising your rights with respect to your personal data;
• To provide support and security for our applications or any other services you request;
• To comply with our legal obligations under relevant laws, regulations, and orders (including subpoenas), injunctions, or any other legal documents issued by the court or competent governmental or regulatory authorities.
• To pursue our legitimate interests (or those of a third party) as we deem fit and necessary, where your interests and fundamental rights do not override those legitimate interests of ours (or a third party’s), such as:
  • to understand, improve, optimize and develop our services;
  • to conduct research and monitor the quality of our services;
  • to enforce our Terms Agreement; or
  • to respond to complaints, hearings, arbitrations, lawsuits, or other governmental or regulatory proceedings.

PLEASE NOTE THAT WE DO NOT sell or share your personal data with any third parties for their direct marketing, but those third parties who provide us with SDKs may collect your personal data directly, please refer to “How We Share Your Personal Data” Section for detailed information.

WE WILL NOT use in-depth processing of your personal data to obtain your biometric information.

6. How We Share Your Personal Data

We may share your information with our vendors that perform support and other services in connection with our Services as follows:

• with advertising service providers and advertising partners that enable us to conduct and display advertising on our applications, websites, and third-party sites, applications, or social media platforms;
• with third parties for collaborative offerings, legal and safety purposes, in connection with the sale or transfer of a business or asset, for use in aggregate or anonymous form, and for other purposes with your permission.

Security of Your Personal Data
The security, integrity, and confidentiality of your personal data are extremely important to us. We will use various technologies and administrative measures to protect your personal data which have been collected and/or stored by us from being lost, misused, unauthorized accessed or leaked. In addition, all processing by our staff are based on their work assignments and bound by confidentiality obligations.

PLEASE NOTE THAT, despite our best efforts to provide security protections for your personal data, due to the limit of technology as well as various possible malicious means in the internet industry, no security measures are perfect or impenetrable. We will regularly review our security procedures to consider appropriate new technology and methods.

7. Where We Store Your Personal Data

Generally, we only store your edited contents on Firebase, and remotely access to such contents via Firebase instead of storing on our server. Also, we may collect and use your personal data to the extent for responding to your request, but such data will not be stored in our local device or server.

To be specific, if you contact us for feedback, complaints, bug reports, or questions regarding your personal data, we may collect and use your technical information about the device(s) and/or browsers (including without limitation your IP address, browsing type, mobile model, operating systems, network type and other browser settings/preference) you may use, and we will only retain such data and your contact details (such as email address) on Google Sheet, instead of our local device and/or server.

PLEASE NOTE THAT any of your personal data stored by us will not be transmitted outside of United States, and we will take reasonable technological and organizational measures to safeguard your personal data during the entire time of the storage of your personal data.

8. How Long We Store Your Personal Data

Generally, WE DO NOT store your personal data unless we otherwise express it in this Privacy Policy. In the case we need to retain your personal data for the purposes stated in this Privacy Policy, such retention will be limited to the necessary period permitted by applicable laws and regulations.

For example, when you contact us for feedback, complaints, bug reports, or questions regarding your personal data, we will store such data and your personal contact details (such as email address) to the extent for responding to your request, and then immediately delete the same properly, EXCEPT THAT we have other legitimate basis (such as complying with our legal obligations, resolving disputes, and enforcing our agreements) for keeping such data.

9. California Consumer Privacy Act (“CCPA”)

If you are a California resident, the supplemental terms in this section may apply to you. PLEASE NOTE THAT we may request proof of California residency before responding to requests made under this section.
Right to Opt-out.

WE DO NOT sell your personal data or share, exchange your personal data with any third party. Therefore, WE DO NOT offer an opt-out to the sale of personal data as required by CCPA.

Right to know. You may submit a verifiable request for us to provide the following information, which we may be able to provide you no more than twice in a 12-month period free of charge:

• The specific pieces of personal information we have about you;
• The categories of personal information we collected, sold, or disclosed for a business purpose about you within the last 12 months;
• The categories of sources from which the personal information was collected;
• The purposes for which the information was collected or sold; and
• The categories of third parties to whom the information was sold, disclosed for a business purpose, or otherwise shared.
  

If possible, we will provide this information to you in a readily usable format that allows transmission to another entity.

Right to Data Portability. You have the right to request certain copies of your personal data you have provided to us, to move data from one company to another (often called the right to data portability).

PLEASE NOTE THAT we may not be able to provide any copy of your personal data since we usually do not store any of your personal data.

You may submit a verifiable request for us to delete the personal information we have collected about you. We may retain personal information necessary to:

• protect our business, systems, and users from fraudulent activity;
• comply with law enforcement requests pursuant to lawful process; or
• for scientific or historical research.
  

YOU WIll NOT be discriminated against(such as price discrimination) for exercising your rights under CCPA.

Please contact us via appropriate means as set forth in the “Contact us” Section of this Privacy Policy if you would like to exercise your rights under this section.

10. General Data Protection Regulation (“GDPR”)

If you are a resident in the EEA, Switzerland or the UK (the “European Region”), supplemental terms in this section may apply to you:

International data transfers
If you normally reside in the European Region, the personal data that we collect from you will be further transferred to, and stored at, a destination outside of the European Region (for instance, to our service providers and partners). These transfers are made pursuant to appropriate safeguards, such as standard data protection clauses adopted by the European Commission.

You have the following rights:

• The right to request free of charge (i) confirmation of whether we process your personal data and (ii) access to a copy of the personal data retained;
• The right to request proper rectification or removal of your personal data or restriction of the processing of your personal data;
• Where the processing of your personal data is either based on your consent or necessary for the performance of a contract with you and processing is carried out by automated means, the right to receive the personal data concerning you in a structured, commonly used and machine-readable format or to have your personal data transmitted directly to another company, where technically feasible (data portability);
• Where the processing of your personal data is based on your consent, the right to withdraw your consent at any time (withdrawal will not impact the lawfulness of data processing activities that have taken place before such withdrawal);
• The right not to be subject to any automatic individual decisions, including profiling, which produces legal effects on you or similarly significantly affects you unless we have your consent, this is authorized by Union or Member State law or this is necessary for the performance of a contract;
• The right to object to processing if we are processing your personal data on the basis of our legitimate interest unless we can demonstrate compelling legitimate grounds which may override your right. If you object to such processing, we ask you to state the grounds for your objection in order for us to examine the processing of your personal data and to balance our legitimate interest in processing and your objection to this processing;
• The right to object to processing your personal data for direct marketing purposes; and
• The right to lodge complaints before the competent data protection regulator.

Before we can respond to a request to exercise one or more of the rights listed above, you may be required to verify your identity or your account details. Please send an e-mail to us if you would like to exercise any of your rights.

11. Supplemental Terms

Additionally, the following SDK providers may collect and use your personal data:

• Google AdMob. We use Google AdMob as an advertising provider, and it may track your browsing history for online behavioral advertising purposes, such as your visits to the contents and ads on third-party websites, applications and platforms, and collect your Advertising ID, in order for you to receive relevant interest-based advertising when you use any websites and/or applications have established partnership with Google (to know how Google AdMob collect and process with your personal data when you use any websites and/or applications have established partnership with Google AdMob, please refer to this link: https://support.google.com/admob/answer/6128543?hl=en&ref_topic=2745287
• Google Analytics. We use Google Analytics to understand the functionality of our APP, which may collect technical information about the device(s) and/or browsers (including without limitation your IP address, browsing type, mobile model, operating systems, network type and other browser settings/preference) you may use (to know how Google Analytics collects and process with your personal data when you use any websites and/or applications have established a partnership with Google Analytics, please refer to this link: https://policies.google.com/privacy/google-partners
• Firebase. We use Firebase for statistics service as follows:
  • Firebase Crashlytics: which may collect and use your Crash Trace data to associate crashes with a project, send email alerts to project members and display them in the Firebase Console, and help Firebase customers debug crashes; uses Crashlytics Installation UUIDs to measure the number of users impacted by a crash and minidump data to process NDK crashes; and the minidump data is stored while the crash session is being processed and then discarded.
  • Firebase Remote Config: This may collect and use your Firebase installation IDs to select configuration values to return to end-user devices.

To know how Firebase collects and processed your personal data when you use any websites and/or applications that have established a partnership with Firebase, please refer to this link: https://firebase.google.com/support/privacy.

Advertising
WE WILL NOT send you any promotional information by email, SMS, physical or telephone. PLEASE NOTE THAT, we use Google AdMob as an advertising provider, any advertising on our applications is published and controlled by them instead of us, and therefore, if you click those advertising links to any third party, you shall read their privacy policies carefully, and you shall understand that their privacy policies are not controlled or covered by us.

Your Rights and Controls
You have rights under applicable data protection law in relation to our use of your personal data, including:

• Data Access. You have the right to request access to your personal data;
• Rectification. You have the right to update or amend your personal data if it is inaccurate or incomplete;
• Objection. You have the right to object to certain uses of your personal data, including direct marketing, processing based on legitimate interests, and processing for purposes of scientific or historical research and statistics, on grounds relating to your particular situation;
• Erasure. You have the right to request the deletion of your personal data, or restrict its use, in certain circumstances (for example you can request that we erase your personal data where it is no longer necessary for the purpose for which it was collected unless certain exceptions apply);
• Portability. You have the right to request certain copies of your personal data you have provided to us, to use for your own purposes (often called the right to data portability). PLEASE NOTE THAT we may not be able to provide any copy of your personal data since we usually do not store any of your personal data;
• Withdrawing Consent. If we are processing your personal information based on your consent you can withdraw your consent at any time by changing “Settings” on the APP or by sending a communication to us specifying which consent you are withdrawing. PLEASE NOTE THAT the withdrawal of your consent does not affect the lawfulness of any processing activities based on such consent before its withdrawal; and
• Lodging Complaints. You have the right to lodge complaints about our data processing activities by filing a complaint with our Data Officer who can be reached by the “Contact Us” section above or lodge a complaint with the relevant supervisory authority or bring a legal action.

If you have any questions about these rights or you would like to exercise any of them, please contact us via appropriate means as set forth in the “Contact us” Section of this Privacy Policy. Before we can respond to a request to exercise one or more of the rights listed above, you may be required to verify your identity or your account details. PLEASE NOTE THAT your ability to access or control your personal data will be limited in some cases, as required or permitted by applicable law.

PLEASE NOTE THAT, if you decide not to provide the personal data we request (such as your contact details to communicate with you) we may not be able to timely or adequately respond to your needs or proposals with respect to your rights as set forth above.
You may exercise your data protection rights by “Settings” on the APP as follows:

• If you have created an account, you can delete your account information (e.g. subscription information, payment information, contact details) through “Settings”.
• If you want to access or control personal data collected and processed by us, which is not available by “Settings” on the APP, you can contact the “Data Officer” on “Settings” or contact us via the methods we provide in the “Contact Us” Section hereinafter.

12. Contact Us

If you have any questions about this Privacy Policy or our privacy practices, or if you wish to exercise your rights in respect of your personal data, please contact us in the following ways:
Email address: support@collart.app