Before you begin your adventure with Actaware, take a moment to read the information about the legal basis of our Website and the Application. We promise it will not take you more than a few minutes (you’ll certainly get that time back later by using our app). Together with the team behind Actaware we know very well how important transparency of information and the proper protection of data are.
) and our Application and your rights towards it, as well as the rules of sharing particular information with third parties.
This document and some expressions used in it are compatible with the Terms and Conditions of our application. You can find it here.
Since our users may be subject to various regulations regarding online data protection obligations as well as data subjects’ rights, we strive to provide our users with a standard of protection equivalent to that set by the General Data Protection Regulation
(Protecting data belonging to EU citizens and residents) and the California Consumer Privacy Act
and the California Privacy Rights Act
, which establishes the safest rules for processing personal data. If you are a California resident, please read about your rights below.
What types of data do we collect?
We collect data that contains personal information about you (Personal Data
) as well as the information
generated by the devices you use when using our Website or applications (Non-personal Data
). For full transparency of our operations, we have divided the types of data we collect into types of data collected within the application and within the site. Please note that under data protection laws, you have individual rights only with respect to data that concerns you.
We may collect, store, and use the following categories of personal data:
provided by you when creating an account on the app:
- your name, e-mail, password, and country of origin,
- when signing in via third-party application login (such as Google, Facebook, or Apple account): you authorize us to access certain account information from that third-party application, such as basic profile information, name, profile picture, e-mail address (optional), current city (optional), camera permission to scan product barcode, data obtained as part of completing your profile (optionally provided by you): date of birth, gender/gender identification,
- data extracted from responses to our survey questions (depending on what you decided to answer according to your preferences): your views towards human and employee rights; diversity equity and inclusion; environment; animal care; corporate transparency; business involvement; the origin of certain products; food; personal care products, political views, religion/philosophical views, food restrictions and allergies, device identifier, accident log, user settings and the operating system of your device, information about your use of our App, telemetry data such as clique mapping, focus time on a given piece of information, IP address, scan and search history.
- data submitted by you through the contact form: name, surname, e-mail address, phone number, your message to us,
- information about your computer or mobile device and about your visits to and use of the Actaware Website – IP address of the device, the date and time of access, the name and URL of the accessed file, geolocation, device and/or browser type and version, information transmitted by the end device – the operating system of your device, the name of your access provider, language settings, etc., referral source, the length of visit, page views and Website navigation.
Legal Basis of Processing Your Data
Actaware may process Personal Data about the Users if:
- you have given us your consent for one or more specific purposes. Note: Under some legislations the Owner may be allowed to process Personal Data until the User objects to such processing (“opt-out”), without having to rely on consent or any other of the following legal bases. This, however, does not apply, whenever the processing of Personal Data is subject to European data protection law,
- provision of Data is necessary for the performance of an agreement with you and/or for any pre-contractual obligations thereof,
- processing is necessary for compliance with a legal obligation to which Actaware is subject,
- processing is related to a task that is carried out in the public interest or in the exercise of official authority vested in Actaware,
- processing is necessary for the purposes of the legitimate interests pursued by us or by a third party.
Please note that not all the provided legal basis apply at the same time and for all types of data or categories of purposes. If you want to know more about specific cases, please contact us via the e-mail provided at the end of this document.
Why Do We Collect Your Data
The Personal Data that you submit to Actaware by any means including via our App or Website, as well as
given to us via phone or email, will be used solely for the purposes specified in this privacy and cookies policy.
We use the information that you provide to us for the following purposes:
Enabling your use of our App
Enabling your use of our Website:
- setting up your user account,
- saving your registration ID and login password for future logins,
- sending you an activation code,
- storing information about your use of the App,
- saving your history and recently viewed products, companies, ingredients, and all data you can browse in the App,
- operating, protecting, improving, and optimizing the user experience of our App, such as by performing analytics and conducting research,
- analyze your scanned products and related data (your account, the data you submitted to the survey, your location, the time the photo was taken),
- displaying your specific product information according to your preferences expressed in the survey,
- evaluating products based on responses from the survey you completed,
- analyzing the products that you choose to make deductions about your behavior, the most frequently chosen product categories and the responses you get about products based on your preferences,
- communicating with you to send you information by email, telephone, text message, or other means about our App, including updates, security alerts, and account notifications,
- enabling you to share product pictures to Actaware,
- enabling certain features within the App to better understand how you interact with the Services and to monitor aggregate usage,
- learning about and analyzing your product choices,
- sending you push notifications with app-related information (after your consent),
- to evaluate the system’s security and stability,
- providing third parties with anonymized, aggregated, and statistical information about our Website users (read more in Third Party Disclosure).
- traffic auditing,
- sending you email, in app or mobile phone notifications which you have specifically requested
Children and Actaware
Due to the possibility of unsuitable content for children, such as alcohol, tobacco, and drugs, appearing in our Newsfeed, in accordance with policies adopted by both distribution platforms and regulations in individual countries, we have decided to prevent anyone under the age of 17 from accessing our app. Our algorithm for evaluating a product according to a user’s self-selected preferences could suggest minors to purchase products that are inappropriate for their age. Accordingly, we do not knowingly collect or store any personal information about children under the age of 16 and we do not offer or recommend any products or services directly to children under 13 years old.
Our Cookies Policy
What Are Cookies & Our Selection of Them
. They improve your experience by recognizing your device while visiting our Website again and tracking the visited sites and the items you click on these pages.
We use several types of cookies which are:
- Session cookies – this type helps to maneuver through the internet by remembering your actions, and they expire as soon as you close out of a web page.
- Persistent cookies – they track your online preferences to implement them next time you visit the website.
Also, when you submit data to us through a contact form, cookies may be set to remember the information you provided for future correspondence. Please note that these do not apply if we do not offer eCommerce services or if you choose not to use them.
Cookies are not used to identify users, and no one’s identity is established from them in any way.
We do not combine the data obtained from “cookies” in any way with personal data of users obtained, for example, during registration in our application.
Based on your behavior, we can better tailor the displayed page to your individual preferences.
Your Rights Towards Cookies
Most browsers automatically accept cookies. Users can manage their cookie settings through their web browser. Most modern web browsers provide general information about cookies, allow you to see what cookies you have, allow you to delete them all or separately, and allow you to block or allow cookies for all websites or selected individually. You can usually also separately disable third-party advertising cookies.
Adjusting your cookie settings via your browser, unless it involves deleting or disabling each cookie separately, will cause the changes to take effect on all websites you visit, not just this one.
Please note that after deleting or blocking cookies, some or all the websites you visit (or their functions) may not work properly or as effectively.
Adjusting your cookie settings varies from browser to browser. Information about cookies can usually be found in the “Help” section of your web browser.
Actaware will not sell any of your Personal Information to anyone. However, we may use your data related to the use of our application (survey responses, scanned products, etc.) to, after de-identifying it via anonymization (a process that involves transforming personal data in a way that makes it impossible to attribute it to a specific or identifiable individual), analyzing it appropriately in the context of data obtained from other users, and aggregating this data according to a specific criterion, disclose, distribute, transfer, and sell it to other companies. Remember, however, that data transformed in this way is no longer personal data, in view of which we have the right to further transfer it.
The purpose of doing so is to perform statistical analyses of user behavior and demographics in order to measure the interest in certain products and most popular recommendations towards them according to users’ preferences. It will enable individual companies (among others, manufacturers of the products you scan) to adapt to the specific needs of consumers.
Actaware might be forced by law to cooperate with private entities, government, or law enforcement officials to comply with certain regulations. In this regard, we preserve the right to disclose your personal data to the above-mentioned entities whenever it is necessary and appropriate to respond to any government or law enforcement requests or legitimate claims provided by private parties, to protect the public safety, safety, or any person, Actaware rights and to either prevent or deter activities that we might deem unlawful, unethical, or subject to legal penalties, or that might pose a risk of such activities.
Your Rights Towards Your Data and How You Can Exercise Them
At Actaware, we know the importance of privacy and the ability to exercise your rights in a proper manner. For this reason, below we have prepared a list of the rights that our users have in relation to the operations we conduct on the data that concerns them.
However, we point out that these rights correspond to the catalog listed in the GDPR. Please note that you have rights according to the law to which you are subject.
It should be noted that the GDPR applies to a company or entity that processes personal data as part of the operations of its EU-based subsidiary, regardless of where the data is processed, or to a company that is based outside the EU but offers goods/services there or is engaged in monitoring the behavior of individuals in the EU. Therefore, if you are a resident of California, Nevada, or another U.S. state, some of the above rights may not be enforceable under institutional control or through the courts.
If you are a California citizen, you can read about your specific rights in the California Privacy Notice section.
As our user, you have a right to:
- Right to access: You have the right to access your personal data free of charge and to be informed whether we are processing your personal data, the purpose of the processing, the categories of personal data being processed, and who the recipients, if any, are. You also have the right to obtain from us a copy of your data in an accessible format.
- Right to data portability: In case of data processing based on consent or contract, you can ask for your personal data to be given back or passed on to another company in a commonly used machine-readable format.
- Right to correction: If you believe that your personal data is incorrect, incomplete, or inaccurate, you have the right to have it corrected or completed immediately. You may also object at any time to the processing of your personal data for a specific purpose, where the legal basis for the processing is a legitimate interest or a task performed in the public interest. If our legitimate interest does not override yours, we will stop processing your data. However, we may ask you to limit the scope of processing of your personal data while we determine whose interest is overriding.
- Right to deletion: If your data is no longer needed for the purpose of processing, you can ask us to delete your personal data. We are not obliged to do so if:
- Processing is necessary to respect freedom of expression and information
- The obligation to store personal data is imposed on us by law, for example if the information is used to exercise certain rights, identify and repair errors on Actaware app, to detect security incidents and protect against illegal or fraudulent activities
- The data must be kept for other reasons of public interest, such as public health or scientific and historical research
- The storage of personal data is necessary to establish a claim.
- You can also ask us to delete your account. You can do this directly via App by choosing “Edit profile” -> “Delete Account.”
- Right to restriction of processing: You have the right to ask us to restrict processing certain types of data for specific purposes. The processing of Personal Data can be based on:
- the consent of the data subject,
- fulfilling a contractual obligation to the data subject,
- fulfilling a legal obligation,
- protecting the vital interests of the data subject,
- the performance of a task in the public interest,
- acting in the legitimate interests of your company if the fundamental rights and freedoms of the data subject are not affected.
Most of the processing for the purposes described in this document is based on your consent. You can revoke your consent with effect for the future at any time. In this case, all data processing that we have carried out until your revocation shall remain lawful.
Certain processing might be also based on a legitimate interest, for example fraud prevention IT security. Regarding this, you can also declare your objection with effect for the future at any time.
- Right of objection: For the reasons arising from a particular situation, you have a right to object against the processing of personal data that concerns you, also to regarding the necessary processing due to a legitimate interest on our part or to safeguard a task in the public interest, or in the exercise of official authority. If you file an objection, we will no longer process your personal data. The only reason we could do so is if we can prove compelling reasons for the processing which take precedence over your interests, rights and freedoms or the processing serves to assert, exercise or defend legal claims.
- Rights related to profiling and automated decision-making: when decisions are made only on a basis provided by automated processing, you might refuse to be the subject to a decision when it is based only on automated processing (such as profiling) and when such operation produces a legal effect or affects you in a similar and significant way. This does not apply when such profiling is essential for the performance of a contract between you and ActAware, based on your consent to Terms & Conditions.
- Right to lodge a complaint with a supervisory authority: you might have the right to lodge a complaint at any time with a particular supervisory authority depending on the powers granted by the legal order to which you are subject.
For example, in Poland that would be the Polish Data Protection Authority:Urząd Ochrony Danych Osobowych
Stawki 2 00-193 Warszawa
tel. 22 531-03-00 email@example.com
How Can You Exercise Your Data?
For the rights that can be enforced directly by contacting the Actaware team (the rights listed in Sections VIII a-h of this document), you may write us a message at the email address below, putting the name of the right you wish to enforce in the subject line. In the content of the message, please describe exactly what you are asking us to do and in connection with which data. We will respond as soon as possible.
In Actaware we take appropriate measures to assure the finest possible level of security for your personal data, whenever it is stored, processed, or transferred by us. In this regard, we use certain security tools that serve to prevent unauthorized access, disclosure, modification, or unauthorized destruction of the Data.
Although we endeavor to secure your information, we cannot guarantee a 100 % safety of the collected data, as electronic transmission over the Internet or information storage technology cannot be completely secure because of the threats posed by unauthorized third parties. Despite that we will do our best to make sure that your personal data is safe.
We will make any legally required disclosures of security, integrity or confidentiality breaches concerning your unencrypted “personal data” to you via contact details provided by you, such as email, telephone, or our website without unreasonable delay, to the extent consistent with (i) any means required to identify the scope of the breach and restore the sensible data system integrity (ii) the legitimate needs of law enforcement. We choose which method we use to contact you about such an event.
According to the GDPR, sensitive data is data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying an individual, or data concerning an individual’s health, sexuality, or sexual orientation.
In principle, the processing of any of these categories of data is prohibited. If, on the other hand, there is a prerequisite of the data subject’s express consent to the processing of data for one or more purposes, such processing is possible.
In the case of our application, the sensitive data we collect may primarily include:
- your political views;
- religion/philosophical views;
- food restrictions and allergies,
as well as, when considered as detailed political views:
- views towards human and employee rights,
- diversity equity and inclusion,
- animal care,
- corporate transparency,
- business involvement.
We ensure that we protect the above-mentioned sensitive data from unauthorized access. In accordance with the regulations, we keep this data for as long as it is necessary to provide the service to you, that is, until you completely delete your account. We also ensure that they are encrypted in an appropriate manner, and that access to the encryption keys is not held by cloud providers.
Storage of Data & Data Retention
We will keep your personal data if it is necessary due to the purposes described above. It might also happen that there is a longer retention needed to fulfill certain legal requirements upon an order of an authority. No purpose will require us to keep your data for longer than 3 months after deleting your account.
After the termination of the retention period, we will delete your Personal Data. Thus, you will not be able to exercise any of the above-described rights after that time.
International Transfers Information
Due to the necessity to host and manage your data submitted in the use of Actaware application or website properly, we work with several companies to whom we entrust your personal data for this purpose (for example Azure Microsoft for the purpose of data hosting or service providers for sending email messages). As some of these organizations have the data centers where they store user personal data and their headquarters in the United States, your personal data might be processed in the USA. This applies both to the citizens of the United States and citizens of other countries (e.g., from the European Union). We declare that we have made necessary safeguards in the shape of standard contractual clauses of the European Union to assure the appropriate level of data protection when your personal data is processed.
You can read about the standard contractual clauses here: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc/standard-contractual-clauses-international-transfers_de
California Privacy Notice
- As a Californian resident, you have certain rights that you can exercise according to the California Civil Code Section 1798.83 and California Consumer Privacy Act of 2018 (“CCPA”). If that circumstance applies, once a year you can request and obtain from us free of charge a list of third parties to which we provide your personal data for direct marketing purposes during the previous calendar year as well as categories of personal data shared with them.You can submit your request by sending us an e-mail at firstname.lastname@example.org with the title “California Privacy Notice – request” or by writing to our address in Concord, California.Some of your rights overlap with those under the GDPR:
- the deletion of the Personal Information we have about you (with several exceptions)
- obtaining additional information about what kind of Personal Information do we have about you as well as whether and how we have collected, used, disclosed, or sold (if it applies) Personal Information about you
- the right to non-discrimination for exercising their CCPA rights
- “Right To Opt Out”As a California resident, CCPA may allow you or your authorized agent to opt out of the “sale” to third parties of your personal information. Aside from some of the above-described uses of data hosting or services related to facilitating users to set up an account via email, the rest of our activities do not qualify as “sales” under CCPA.You may submit a California privacy rights request to us by: email@example.com
If you want to opt-out of the “sale” to third parties, you can do this via section in our App: “Do Not Sell My Personal Information”
Please note that we may ask you to provide information and follow procedures so that we can verify the request and your jurisdiction before responding to it. You might be required to give us your email address, first and last name or telephone number to ease the process of the request verification.
If you want to know more about Do Not Track, please check out this website: www.allaboutdnt.com.
If you want to use your right to designate the authorized agent, he/she needs to provide proof of your written permission that shows the authority to submit a request for you. We might also ask him/her for his/her personal verification.
Actaware reserves the right to amend this document at a time that is appropriate to it, due to, but not limited to, a willingness to receive consent from you to process more data or for a newly created purpose. However, due to our duty of information to users whose data we process, we are obliged to inform you before the latest version of the document comes into effect, with a minimum of two weeks’ notice via a notification in the application or by e-mail.
Updating Your Information
In case your data (including name, place of residence, phone number or email) changes, you can edit it
yourself at any time in our application. However, if you feel that we are in possession of data that you are not able to change yourself and it needs to be corrected, please contact us about it and we will try to help you.
The data controller responsible for safeguarding the information collected within the App and Website is:
3558 Torino Way, Concord, CA, 94518
If the information provided within this document is not enough for you, please do not hesitate to contact us – we will be happy to help you with all your concerns: firstname.lastname@example.org