App Privacy Policy

Introduction

Upify (hereinafter “we”, “us” or “our”) respects your right to privacy and takes our responsibilities in relation to the processing of personal data seriously. We do not collect or process personal data unnecessarily. This privacy policy (the “Policy”) together with our terms of service (the “Terms of Service”) sets out important information about your rights in relation to the processing of your personal data, and the basis on which any personal data we collect from you, or that you provide to us, will be processed in connection with your use of the Zoex application (“our App” or “the App”) and the provision of our Services.

‍

GDPR Controller

Under this Policy, and unless the circumstances otherwise require, we will be what’s known under the General Data Protection Regulation (EU) 2016/679 (the “GDPR”) as the “controller” of the personal data you provide to us. This means that we determine the purposes and means of the processing of personal data we collect.

‍

Scope

This privacy policy applies to information we collect:

on the Applications and your email communications with the Applications,
when you interact with our advertising and applications on third-party applications and services, if those applications or advertising include links to this privacy policy.
the information collected directly from you.

Information you give us

Your Data. This is information about you which is consensually given by making a registration on our App.

The information you give us may include:

Identity Data: your names, age, email address, phone number;
Geolocation Data: your city, state, country and business address;
Financial Data: your financial and credit card information, including bank account and payment card details, billing contact email address, and VAT number.
Operational Data: your online store properties, products, orders, transactions, customers, pixels, marketing and ads APIs.

The Data We Collect About You

We may collect different kinds of personal data about you, depending on whether you chose to create an account with us.

Automatically Collected Information. With regard to each of your visits to our App we will automatically collect the following information:

Technical Data: technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, browser type, and version, time zone setting, browser plug-in types and versions, operating system and platform, how often you visit the App and other performance data;
Usage Data: information about your visit, including the full Uniform Resource Locators (URL), clickstream to, through, and from our App (including date and time), page response times, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page

No special categories of personal data: We do not require or collect any personal data that is your sensitive personal data or any special category of personal data under the GDPR or CCPA.

‍

What we do with your information

We will only use your personal information when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

Where we need to perform the contract we are about to enter into or have entered into with you.
Where it is necessary for our legitimate interest (or those of a third party) and your interests and fundamental rights do not override those interests.
Where we need to comply with a legal or regulatory obligation.

We have set out below, in a table format, a description of the ways we plan to use your personal data and the legal basis we rely only on to do so. We have also identified our legitimate interests where appropriate:

Purpose/Activity	Type of data	Legal basis for processing
To respond to your queries and to provide you with the information you request from us in relation to our products or Services.	Identity Data Technical Data Usage Data Public Data Operation Data	Necessary for our legitimate interests (to respond to new or existing customer queries and grow our business). Performance of a contract with you
To set up and administer your account for the Services.	Identity Data	Performance of a contract with you
To provide the Services and perform our obligations arising from any contracts entered into between you and us.	Identity Data Financial Data Technical Data Usage Data Operational Data	Performance of a contract with you
To manage payments, fees, and charges and to collect and recover money owed to us.	Identity Data Financial Data	Performance of a contract with you. Necessary for our legitimate interests (to recover debts due to us)
To manage our relationship with you, including notifying you about changes to the Services, our Terms of Services or Privacy Policy.	Identity Data Technical Data Usage Data Public Data Operational Data	Performance of a contract. Necessary to comply with a legal obligation. Necessary for our legitimate interests (to keep our records updated and to study how customers use our products and services).
To provide you with information about goods and services we offer that are similar to those that you have already purchased or enquired about.	Identity Data Technical Data Usage Data Public Data	Necessary for our legitimate interests (to develop our products or Services and grow our business)
Where you have given us your consent to do so, to provide you with information about other goods or services we feel may interest you.	Identity Data Technical Data Usage Data	Consent
To ensure that content is presented in the most effective manner for you and for your computer or device.	Identity Data Technical Data Usage Data	Necessary for our legitimate interests (to keep our App and the Services updated and relevant and to develop and grow our business).
To administer and protect our business, our App, the Services, and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes.	Identity Data Technical Data Usage Data Public Data Operational Data	Necessary for our legitimate interests (for running our business and as part of our efforts to keep our App and the Services safe and secure)
To use data analytics to improve or optimize our App, Services, marketing, customer relationships, and experiences	Technical Data Usage Data Operational Data	Necessary for our legitimate interests (to define types of customers for our products and services, to keep our App and the Services updated and relevant, to develop and grow our business and inform our marketing strategy).
To allow you to participate in interactive features of the Services (including surveys), when you choose to do so.	Identity Data Technical Data Usage Data	Performance of a contract with you Necessary for our legitimate interests (to study how customers use our products or Services, to develop them and grow our business
To measure or understand the effectiveness of advertising we serve to you and others, and, where applicable, to deliver relevant advertising to you.	Identity Data Technical Data Usage Data	Necessary for our legitimate interests (to study how customers use our products or Services, to develop them, to grow our business, and to inform our marketing strategy).

How long we keep your information

We will only retain your personal data for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. This means that the period of time for which we store your personal data may depend on the type of data we hold.

‍

Disclosure of your information

We do not share your personal information to third parties for marketing purposes without your explicit consent. To provide you with our services and to also meet our regulatory requirements, we may need to share your information with our business partners, suppliers, and sub-contractors, affiliated companies and other third party product and service providers. We may also disclose your information if we are under a duty to disclose or share your personal data in order to comply with any law, legal obligation, or court order and/ or to protect our rights, property or safety, our customers, or others. This includes exchanging information with other companies and organizations for the maintenance and security of the App and Services.

You have the option to share your personal information stored on the application with the users in your friend list or with the companies you desire. By doing so, you acknowledge that you share your personal information willingly with these third parties.

You agree that we have the right to share your personal information with the following recipients or categories of recipients:

Any department or authorized person within Upify or any member within our group, which means any subsidiary or holding Upify.

Selected third parties including:

Business partners, suppliers, and sub-contractors for the performance of any contract we enter into with them or you in relation to the Services. You can view the full list of sub-processors here;
Where we have your consent to do so, email marketing service providers, to send information to you from time to time by email about promotions, competitions, updates, and new products or services that may be of interest to you;
Analytics and search engine providers that assist us in the improvement and optimization of our App;
Credit reference agencies for the purpose of assessing your credit score to the extent this is a condition of us entering into a contract with you.

‍

Security Measures

We take our security responsibilities seriously, using the most appropriate physical and technical measures, and require our partners to use the same standard of care. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorized access. These are described in more detail below.

Location of Servers and Accessibility

Your personal data is not stored locally but on a secure server. which helps ensure your personal data is secure and private.

Data Storage

Your personal data is stored on secure servers hosted on Hetzner. These servers are located in Germany. Upify solutions applies Standard Contractual Clauses as a valid mechanism for transferring data outside the European Union.

Data Encryption

Data is encrypted using SSL Certification when transmitted from our servers to your browser.

‍

Your Personal Data and Your Rights

Accessing your Personal Data

You may request access at any time to a copy of the personal data we hold about you. Any such request should be submitted to us in writing and sent to support@zoex.app We will need to verify your identity in such circumstances and may request more information or clarifications from you if needed to help us locate and provide you with the personal data requested. There is usually no charge applied to access your personal data (or to exercise any of the other rights). However, if your request is clearly unfounded, repetitive, or excessive, we may charge a reasonable fee. Alternatively, we may refuse to comply with your request in these circumstances.

Right of Restriction

You may restrict us from processing your personal data in any of the following circumstances:

You have contested the accuracy of the personal data we hold on record in relation to you or for a period of time to enable us to verify the accuracy of the personal data;
The processing of your personal data is unlawful and you request the restriction of the use of personal data instead of its erasure;
We no longer require your personal data for the purpose of processing but you require this data for the establishment, exercise, or defense of legal claims; or
Where you have contested the processing (under Article 21(1) of the GDPR) pending the verification of our legitimate grounds.

Corrections or Erasure (Right to Rectification and Right to Be Forgotten)

If we hold personal data concerning you which are no longer necessary for the purposes for which they were collected or if you withdraw consent for us to process your personal data, you can request the deletion of this personal data. This right, however, will not apply where we are required to process personal data in order to comply with a legal obligation or where the processing of this information is carried out for reasons of public interest in the area of public health. If the personal information we hold about you is inaccurate, you may request to have your personal information updated and corrected.

Your Right to Object

You have the right to object to the processing of your personal data at any time:

For direct marketing purposes
For profiling, to the extent, it relates to direct marketing
Where we process your personal data for the purposes of legitimate interests pursued by us, except where we can demonstrate compelling legitimate grounds for this processing which would override your interests, rights, and freedoms or in connection with the enforcement or defense of a legal claim

Should this occur, we will no longer process your personal data for these purposes unless doing so is justified by a compelling legitimate ground as described above.

Data Portability

Where we process your personal data by automated means (i.e., not on paper) and this processing is based on your consent or required for the performance of a contract between us, you have the right to request from us a copy of your personal data in a structured, commonly used machine-readable format and, where technically feasible, to request that we transmit your personal data in this format to another controller.

Profiling

Profiling is an automated form of processing of personal data often used to analyze or predict the personal aspects of an individual person. This could relate to a person’s performance at work, economic situation, health, personal preferences, reliability, behavior, location, or movements. An example of this would be where a bank uses an automated credit scoring system to assess and reject a loan application.

You have the right to be informed if your personal data will be subject to automated decision making, including profiling. You also have the right not to be subject to a decision based solely on the automated process, including profiling, where that decision impacts on your legal rights. There are some exceptions to this rule, where, for example, the decision is necessary for connection with the performance of a contract between us, is authorized by law, or where you have given your explicit consent to this automated processing. In this case, however, we do not engage in profiling or automated processing for profiling purposes.

Personal Rights

The rights described in this section are personal rights and are exercisable only by the individual person (or data subject) concerned. If we receive any such request or communication directly from your customers and/or in relation to Your End Customer Data, we will refer the matter to you and cooperate in providing such reasonable assistance as may be required to enable you, as a controller, to respond to the matter. This will be described in more detail in the Terms of Service or the other relevant contract between us.

Privacy notice for California Residents

Upify has adopted this notice to comply with the California Consumer Privacy Act of 2018 (“CCPA”) and any terms defined in the CCPA have the same meaning when used in this notice.

Please refer to the sections Information you give us & What we do with your information above for information on how we process your personal data in compliance with the CCPA.

Sharing personal information under the CCPA

We may disclose your personal information to a third party for a business purpose, subject to your right to opt-out of those sales

Disclosure of personal information for service providers

We share your personal information with services such as web hosting, data analysis, payment processing, customer service, email delivery, security, advertising or marketing, and similar services.

Disclosures of personal information for a business purpose

In the preceding twelve (12) months, we have disclosed personal information for a business purpose which include: identifiers, customer record information, commercial information, internet or electronic network activity, geolocation data, and professional or employment-related information.

Sale of Personal Information

Within the last 12 months, we have disclosed the following categories of personal information in a manner that may be considered a "sale" as defined in the CCPA: identifiers, geolocation data, and professional and employment-related information.

You may opt-out of the "sale" of you personal information on an going-forward basis by sending us an email at support@zoex.app.

Your CCPA rights

The CCPA provides consumers (California residents) with specific rights regarding their personal information. This section describes your CCPA rights and explains how to exercise those rights.

Access to specific information and data portability rights

You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months. Once we receive and confirm your verifiable consumer request, we will disclose to you:

The categories of personal information we collected about you.
The categories of sources for the personal information we collected about you.
Our business or commercial purpose for collecting or selling that personal information.
The categories of third parties with whom we share that personal information.
The specific pieces of personal information we collected about you (also called a data portability request).
If we sold or disclosed your personal information for a business purpose, two separate lists disclosing:

sales, identifying the personal information categories that each category of recipient purchased; and
disclosures for a business purpose, identifying the personal information categories that each category of recipient obtained.

Data deletion rights

You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies.

We may deny your deletion request if retaining the information is necessary for us or our service provider(s) to:

Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.
Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
Debug products to identify and repair errors that impair existing intended functionality.
Exercise free speech to ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.).
Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
Comply with a legal obligation.
Make other internal and lawful uses of that information that are compatible with the context in which you provided it.

Limitation of processed personal data

We process only the minimum personal data required to provide you with our services. By doing so we strive to comply with the data minimization principle.
For more information please visit :
1. https://developers.google.com/terms/api-services-user-data-policy

2. https://developers.facebook.com/devpolicy/

Exercising your personal data rights

To exercise the access, data portability, and deletion rights described above, please submit a verifiable consumer request to us by sending us an email at support@zoex.app.

‍

Only you, or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child.

Changes to this policy

We reserve the right to update this Privacy Policy. When we make changes to this Privacy Policy, the date at the beginning of this Privacy Policy will reflect the date from which the change goes into effect. You are advised to consult this Policy from time to time.

Last Modified: 17 June, 2023

‍