Promofy

Privacy Policies

Who we are?

Promofy (“Promofy”, “we”, “us” or “our”, as appropriate) respects an individual’s privacy and will only collect, use or disclose your personally identifiable information (personal information) following its Privacy Policy. We recognize every individual’s right to privacy and acknowledge our obligation to preserve the confidentiality of personal information. This Privacy Policy governs the collection, use, storage, and disclosure of the personal information of the users (“User(s)” or “you”) of our website https://promofy.mcma.app (“Website”), products, and services. Promofy is responsible for how we collect, handle, and use this information.

Promofy reserves the right to update its Privacy Policy at any time and such modifications shall be effective immediately unless otherwise stated.

Please note that this Privacy Policy constitutes an integral part of the terms and conditions of use of our Website, in addition to any terms and conditions specific to the use of our Apps, as applicable.

Please read this privacy notice carefully as it will help you understand what we do with the information that we collect.

1. What Information Do We Collect?

– Personal information you disclose to us.

In Short: We collect personal information that you provide to us.

We collect personal information that you voluntarily provide to us when you register on the Website, express an interest in obtaining information about us or our products and Services, when you participate in activities on the Website (such as by posting messages in our online forums or entering competitions, contests or giveaways) or otherwise when you contact us.

The personal information that we collect depends on the context of your interactions with us and the Website, the choices you make and the products and features you use. The personal information we collect may include the following:

 

– Personal Information Provided by You. We collect names; email addresses; phone numbers; and other similar information.

– Social Media Login Data. We may provide you with the option to register using your social media account details, like your Facebook, Twitter or other social media accounts. If you choose to register in this way, we will collect the information described in the section called “HOW DO WE HANDLE YOUR SOCIAL LOGINS” below.

All personal information that you provide to us must be true, complete and accurate, and you must notify us of any changes to such information.

– Information automatically collected.

In Short: Some information — such as your Internet Protocol (IP) address and/or browser and device characteristics — is collected automatically when you visit our Website.

We automatically collect certain information when you visit, use or navigate the Website. This information does not reveal your specific identity (like your name or contact information) but may include device and usage information, such as your IP address, browser and device characteristics, operating system, language preferences, referring URLs, device name, country, location, information about how and when you use our Website and other technical information. This information is primarily needed to maintain the security and operation of our Website, and for our internal analytics and reporting purposes.

– The information we collect includes:

  • Log and Usage Data. Log and usage data is service-related, diagnostic, usage and performance information our servers automatically collect when you access or use our Website and which we record in log files. Depending on how you interact with us, this log data may include your IP address, device information, browser type and settings and information about your activities in the Website (such as the date/time stamps associated with your usage, pages and files viewed, searches and other actions you take such as which features you use), device event information (such as system activity, error reports (sometimes called ‘crash dumps’) and hardware settings).
  • Device Data. We collect device data such as information about your computer, phone, tablet or other device you use to access the Website. Depending on the device used, this device data may include information such as your IP address (or proxy server), device and application identification numbers, location, browser type, hardware mode, Internet service provider and/or mobile carrier, operating system and system configuration information.
  • Location Data. We collect location data such as information about your device’s location, which can be either precise or imprecise. How much information we collect depends on the type and settings of the device you use to access the Website. For example, we may use GPS and other technologies to collect geolocation data that tells us your current location (based on your IP address). You can opt out of allowing us to collect this information either by refusing access to the information or by disabling the Location setting on your device. However, if you choose to opt out, you may not be able to use certain aspects of the Services.

In Short: We only share information with your consent, to comply with laws, to provide you with services, to protect your rights, or to fulfill business obligations.

We may process or share your data that we hold based on the following legal basis:

  • Consent: We may process your data if you have given us specific consent to use your personal information for a specific purpose.
  • Legitimate Interests: We may process your data when it is reasonably necessary to achieve our legitimate business interests.
  • Performance of a Contract: Where we have entered into a contract with you, we may process your personal information to fulfill the terms of our contract.
  • Legal Obligations: We may disclose your information where we are legally required to do so in order to comply with applicable law, governmental requests, a judicial proceeding, court order, or legal process, such as in response to a court order or a subpoena (including in response to public authorities to meet national security or law enforcement requirements).
  • Vital Interests: We may disclose your information where we believe it is necessary to investigate, prevent, or take action regarding potential violations of our policies, suspected fraud, situations involving potential threats to the safety of any person and illegal activities, or as evidence in litigation in which we are involved.

More specifically, we may need to process your data or share your personal information in the following situations:

  • Business Transfers. We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company.
  • Vendors, Consultants and Other Third-Party Service Providers. We may share your data with third-party vendors, service providers, contractors or agents who perform services for us or on our behalf and require access to such information to do that work. Examples include: payment processing, data analysis, email delivery, hosting services, customer service and marketing efforts. We may allow selected third parties to use tracking technology on the Website, which will enable them to collect data on our behalf about how you interact with our Website over time. This information may be used to, among other things, analyze and track data, determine the popularity of certain content, pages or features, and better understand online activity. Unless described in this notice, we do not share, sell, rent or trade any of your information with third parties for their promotional purposes. We have contracts in place with our data processors, which are designed to help safeguard your personal information. This means that they cannot do anything with your personal information unless we have instructed them to do it. They will also not share your personal information with any organization apart from us. They also commit to protect the data they hold on our behalf and to retain it for the period we instruct.
  • Other Users. When you share personal information (for example, by posting comments, contributions or other content to the Website) or otherwise interact with public areas of the Website, such personal information may be viewed by all users and may be publicly made available outside the Website in perpetuity. If you interact with other users of our Website and register for our Website through a social network (such as Facebook), your contacts on the social network will see your name, profile photo, and descriptions of your activity. Similarly, other users will be able to view descriptions of your activity, communicate with you within our Website, and view your profile.

In Short: We only share information with your consent, to comply with laws, to provide you with services, to protect your rights, or to fulfill business obligations.

We may process or share your data that we hold based on the following legal basis:

  • Consent: We may process your data if you have given us specific consent to use your personal information for a specific purpose.
  • Legitimate Interests: We may process your data when it is reasonably necessary to achieve our legitimate business interests.
  • Performance of a Contract: Where we have entered into a contract with you, we may process your personal information to fulfill the terms of our contract.
  • Legal Obligations: We may disclose your information where we are legally required to do so in order to comply with applicable law, governmental requests, a judicial proceeding, court order, or legal process, such as in response to a court order or a subpoena (including in response to public authorities to meet national security or law enforcement requirements).
  • Vital Interests: We may disclose your information where we believe it is necessary to investigate, prevent, or take action regarding potential violations of our policies, suspected fraud, situations involving potential threats to the safety of any person and illegal activities, or as evidence in litigation in which we are involved.

More specifically, we may need to process your data or share your personal information in the following situations:

  • Business Transfers. We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company.
  • Vendors, Consultants and Other Third-Party Service Providers. We may share your data with third-party vendors, service providers, contractors or agents who perform services for us or on our behalf and require access to such information to do that work. Examples include: payment processing, data analysis, email delivery, hosting services, customer service and marketing efforts. We may allow selected third parties to use tracking technology on the Website, which will enable them to collect data on our behalf about how you interact with our Website over time. This information may be used to, among other things, analyze and track data, determine the popularity of certain content, pages or features, and better understand online activity. Unless described in this notice, we do not share, sell, rent or trade any of your information with third parties for their promotional purposes. We have contracts in place with our data processors, which are designed to help safeguard your personal information. This means that they cannot do anything with your personal information unless we have instructed them to do it. They will also not share your personal information with any organization apart from us. They also commit to protect the data they hold on our behalf and to retain it for the period we instruct.
  • Other Users. When you share personal information (for example, by posting comments, contributions or other content to the Website) or otherwise interact with public areas of the Website, such personal information may be viewed by all users and may be publicly made available outside the Website in perpetuity. If you interact with other users of our Website and register for our Website through a social network (such as Facebook), your contacts on the social network will see your name, profile photo, and descriptions of your activity. Similarly, other users will be able to view descriptions of your activity, communicate with you within our Website, and view your profile.

In Short: We only share information with the following third parties.

We only share and disclose your information with the following third parties. We have categorized each party so that you may easily understand the purpose of our data collection and processing practices. If we have processed your data based on your consent and you wish to revoke your consent, please contact us using the contact details provided in the section below titled “HOW CAN YOU CONTACT US ABOUT THIS NOTICE?”.

  • Advertising, Direct Marketing, and Lead Generation: Google AdSense and Facebook Audience Network
  • Allow Users to Connect to Their Third-Party Accounts: Facebook account
  • Cloud Computing Services: Amazon Web Services (AWS)
  • Communicate and Chat with Users: Crisp
  • Content Optimization: Google Fonts
  • Data Backup and Security: Amazon Glacier
  • Retargeting Platforms: Facebook Remarketing and Google Ads Remarketing
  • User Account Registration and Authentication: Google OAuth 2.0 and Facebook Login
  • User Commenting and Forums: Facebook Comments
  • Web and Mobile Analytics: Google Analytics and Google Tag Manager
  • Website Performance Monitoring: Sentry

1. Access to Personal Information

Individuals have the right to request access to the personal information that our organization holds about them. The following procedures will be followed:

  • Requests should be made in writing to the designated Data Protection Officer (DPO) or relevant contact person.
  • The organization will verify the identity of the requester before providing access to the personal information.
  • Access requests will be fulfilled without undue delay and within one month of receiving the request.
  • The information provided will be clear, concise, and in an intelligible format.

2. Deletion of Personal Information

Individuals have the right to request the deletion of their personal information under certain circumstances. The following procedures will be followed:

  • Deletion requests should be made in writing to the designated Data Protection Officer (DPO) or relevant contact person.
  • The organization will verify the identity of the requester before processing the deletion request.
  • Personal information will be deleted without undue delay where one of the legal grounds for deletion exists, such as when the data is no longer necessary for the purpose for which it was collected.
  • In cases where deletion is not possible or necessary, the individual will be provided with an explanation.

1. Purpose of Data Retention

The purpose of data retention is to manage the lifecycle of information, balancing the need to retain data for operational purposes with the obligation to protect individuals’ privacy and comply with legal requirements.

2. Data Categories and Retention Periods

The organization classifies data into categories based on its nature and sensitivity. Each category has an associated retention period that specifies the duration for which the data will be stored. The retention periods are determined by legal requirements, contractual obligations, and operational needs. A regular review of these periods will be conducted to ensure ongoing compliance.

3. Data Retention Responsibilities

  • Data Owners: Individuals or departments responsible for the creation, collection, and maintenance of data are also responsible for determining the appropriate retention period in consultation with legal and compliance teams.
  • Data Custodians: Individuals or departments responsible for the storage and security of data must adhere to the established retention periods and facilitate the secure disposal of data when it reaches the end of its lifecycle.

4. Data Disposal and Deletion

At the end of the retention period, data will be securely disposed of or deleted in a manner that prevents unauthorized access. The organization will employ appropriate methods, such as shredding or secure erasure, to ensure the irreversible destruction of the data.

5. Exceptions to Data Retention

Exceptions to data retention periods may occur in the following circumstances:

  • Legal or regulatory requirements necessitate a longer retention period.
  • Data is required for the establishment, exercise, or defense of legal claims.
  • Consent for data retention has been obtained from the data subject.

6. Data Inventory and Audits

The organization will maintain an inventory of all data categories, their respective retention periods, and the locations where the data is stored. Regular audits will be conducted to ensure compliance with the data retention policy.

Individuals have the following privacy rights:

  • Right to Access: You have the right to obtain confirmation as to whether or not your personal data is being processed and, if so, access to that personal data.
  • Right to Rectification: You have the right to request the rectification of inaccurate personal data and to have incomplete personal data completed.
  • Right to Erasure (Right to be Forgotten): You have the right to request the erasure of your personal data under certain circumstances, such as when the data is no longer necessary for the purpose for which it was collected.
  • Right to Restriction of Processing: You have the right to request the restriction of processing of your personal data under certain circumstances, such as when the accuracy of the data is contested.
  • Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another data controller.
  • Right to Object: You have the right to object to the processing of your personal data under certain circumstances, including processing for direct marketing purposes.

Most web browsers and some mobile operating systems and mobile applications include a Do-Not-Track (“DNT”) feature or setting that you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected. At this stage no uniform technology standard for recognizing and implementing DNT signals has been finalized. As such, we do not currently respond to DNT browser signals or any other mechanism that automatically communicates your choice not to be tracked online. If a standard for online tracking is adopted and that we must follow in the future, we will inform you about that practice in a revised version of this privacy notice.

In Short: Yes, we will update this notice as necessary to stay compliant with relevant laws.

We may update this privacy notice from time to time. The updated version will be indicated by an updated “Revised” date and the updated version will be effective as soon as it is accessible. If we make material changes to this privacy notice, we may notify you either by prominently posting a notice of such changes or by directly sending you a notification. We encourage you to review this privacy notice frequently to be informed of how we are protecting your information.

*European Economic Area (EEA) Notice

1. Introduction

This policy outlines the procedures and guidelines for providing notice to individuals within the European Economic Area (EEA) regarding the collection, processing, and protection of their personal data in accordance with the General Data Protection Regulation (GDPR).

This policy applies to all entities within our organization that collect, process, or store personal data of individuals within the EEA.

Whenever personal data is collected from individuals within the EEA, a clear and concise notice will be provided. This notice will include:

The identity and contact details of the data controller.
The purpose of processing the personal data.
The legal basis for processing the data.
The recipients or categories of recipients of the personal data.
Whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract.
The period for which the personal data will be stored.
The existence of the right to request access, rectification, erasure, or restriction of processing.
The right to withdraw consent at any time (if applicable).
The right to lodge a complaint with a supervisory authority.

Where applicable, explicit and informed consent will be obtained from individuals within the EEA before processing their personal data. The purpose of the data processing will be clearly communicated, and individuals will have the option to withdraw their consent at any time.

Personal data of individuals within the EEA will be treated with the utmost confidentiality and security. Appropriate technical and organizational measures will be implemented to protect against unauthorized access, disclosure, alteration, and destruction of personal data.

Individuals within the EEA have rights concerning their personal data, including the right to access, rectify, erase, and restrict processing. Requests from data subjects will be promptly addressed in accordance with applicable data protection laws.

In the event of a data breach that is likely to result in a risk to the rights and freedoms of individuals within the EEA, the relevant supervisory authority and affected individuals will be notified in accordance with the GDPR.

This policy will be regularly reviewed to ensure its continued effectiveness and compliance with applicable data protection laws. Updates will be made as necessary, and all relevant stakeholders will be informed of any changes.

All employees and entities within our organization are responsible for adhering to this EEA Notice Policy. Failure to comply may result in disciplinary action.