(Last updated February 25th, 2020)
For the purpose of the processing personal data, we may engage data processors and/or, at its sole discretion, hire other persons to perform certain functions on behalf of Flashat. In such cases, we shall take necessary measures to ensure that such data is processed by the personal data processors in accordance with instructions of and applicable European Union legislation. Shall also require the personal data processors to implement appropriate measures for the security of personal data. In such cases, we shall ensure that such persons will be subject to the non-disclosure obligation and will not be able to use this information for any other purpose, except to the extent necessary to perform the functions assigned to them.
ACCEPTANCE AND USE
DATA PROTECTION PRINCIPLES
“Personal data” means any information that enables us to identify you or the beneficiary of your transaction with us, directly or indirectly, such as name, email, address, telephone number, any form of identification number or one or more factors specific to your or your beneficiary’s identity.
We are committed to complying with applicable data protection laws and will ensure that personal data is:
- Used lawfully, fairly and in a transparent way;
- Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes;
- Relevant to the purposes we have told you about and limited only to those purposes;
- Accurate and kept up to date;
- Kept only as long as necessary for the purposes we have told you about;
- Kept securely.
DATA WE COLLECT ABOUT YOU
Flashat may collect two (2) types of information about you: personal and non-personal.
PERSONAL INFORMATION WE COLLECT ABOUT YOU (PIPEDA)
According to the federal Personal Information Protection and Electronic Documents Act, 2000 (PIPEDA), “personal information” means information about an identifiable individual. The information you provide to Flashat is considered personal information; it is possible to relate it back to you through your name, address, e-mail address, telephone number and any other information that can identify you. If information cannot be related to an identifiable individual it is considered anonymous information (such as laboratory results identified by alpha-numeric identifier instead of individual’s name). Whenever possible, Flashat works with anonymous information. This privacy statement does not apply to anonymous information.
TYPES OF DATA WE COLLECT FROM YOU
- Personal Identifiable Information(PII). We acquire PII that may include, in certain contexts, your Full name, date of birth, nationality, gender, signature, utility bills, photographs, phone number, home address, and/or email.Which certain jurisdictions consider to be PII because it could be used to identify an individual or Device if it were combined with other identifying information.
- Formal Identification Information: Government issued identity document such as a Passport, Driver's License, National Identity Card, State ID Card, Tax ID number, passport number, driver's license details, national identity card details, visa information, and/or any other information deemed necessary to comply with our legal obligations under financial or anti-money laundering laws.
- Institutional Information: Employer Identification number (or comparable number issued by a government), proof of legal formation (e.g. Articles of Incorporation), personal identification information for all material beneficial owners.
- Financial Information: Bank account information, payment card primary account number (PAN), transaction history, and/or tax identification.
- Sensitive PII: Information about the transactions you make on our Services, such as the names, mobile number, email address and other information about the directly connected accounts to your account [FAMILY] which are attracted to our service by you.
- Employment Information: Office location, job title, and/or description of role.
- Correspondence: Survey responses, information provided to our support team or user research team.
- Anonymous Data. Some of the Data that we acquire cannot identify, distinguish or trace you or your Device, even if combined with other identifying information, and some Data that could be considered PII when combined with other identifying information is not used in a way that identifies, distinguishes or traces you or your Device, but is instead used in an anonymous way, often aggregated with other anonymous Data about other users.
Non-personal information refers to information that, by itself, does not identify you as a specific individual (e.g. demographic information or web site visitations). Flashat may collect non-personal information through any of the methods discussed above as well as automatically through use of industry standard technologies described further below.
INFORMATION COLLECTED THROUGH TECHNOLOGY
While you are able to visit the Flashat site and remain anonymous, Flashat or its third party service providers may still collect non-personal information about your use of the Flashat materials (e.g. Your internet browser, operating system, ip address, connection speed, and the domain name of your internet service provider). Such information may be gathered by the following methods:
- Cookies. Cookies(including local shared objects) are small pieces of information that are stored by your browser on your device’s hard drive which work by assigning to your computer a unique number that has no meaning outside of the Flashat site. Cookies do not generally contain any personal information. Most web browsers automatically accept cookies, but you can usually configure your browser to prevent this. Not accepting cookies may make certain features of the Flashat materials unavailable to you.
- IP address. You may visit many areas of the Flashat site anonymously without the need to become a registered user. Even in such cases, Flashat may collect ip addresses automatically. An IP address is a number that is automatically assigned to your computer whenever you begin services with an internet services provider. Each time you access the Flashat site and each time you request one of Flashat’ pages, the server logs your ip address.
- Beacons. Beacons are small pieces of data that are embedded in web pages and e-mails. Flashat may use these technical methods in html e-mails that Flashat sends to users to determine whether they have opened those e-mails and/or clicked on links in those e-mails. The information from use of these technical methods may be collected in a form that constitutes personal information.
- Tracking content usage. If you use the Flashat services and you post audio visual materials including, without limitation, text, logos, artwork, graphics, pictures, advertisements, sound and other related intellectual property contained in such materials (collectively, “content”) to your app site or to a third party app site, Flashat tracks and captures non-personal information associated with user accounts and the use of content.
OTHER INFORMATION YOU MAY SUBMIT
You may submit data to us for limited purposes such as requesting customer support; answering a questionnaire; participating in a study; entering contests or sweepstakes; or signing up to receive communications from us or another user.
INFORMATION WE COLLECT FROM YOU AUTOMATICALLY
We receive and store certain types of information automatically, such as whenever you interact with or use Flashat app. This information helps us address customer support issues, improve the performance of Flashat applications, providing you with a streamlined and personalized experience, and protect your account from fraud by detecting unauthorized access. Information collected automatically includes:
- Online Identifiers: Geo location/tracking details, browser fingerprint, operating system, browser name and version, and/or personal IP addresses.
- Usage Data: Authentication data, security questions, click-stream data, public social networking posts, and other data collected via cookies and similar technologies.
For example, we may automatically receive and record the following information on our server logs:
- How you came to and use Flashat App;
- Device type and unique device identification numbers;
- Device event information (such as crashes, system activity and hardware settings, browser type, browser language, the date and time of your request and referral URL);
- How your device interacts with Flashat App and Services, including pages accessed and links clicked;
- Broad geographic location (e.g. country or city-level location); and
- Other technical data collected through cookies, pixel tags and other similar technologies that uniquely identify your browser.
We may also use identifiers to recognize you when you access our service and or App via an external link, such as a link appearing on a third party site
HOW WE USE YOUR DATA
We may use your data for the following purposes:
- Identification and authentication: we use your data to verify you when you access your account.
- Communicating with you: We use your data when we communicate with you (e.g., when we respond to a customer support or other inquiry).
- Improving our services: We use your data to understand how our services are being used and how we can improve them. In general, we analyze aggregated data, rather than specific user data. We may, however, need to analyze a specific case to address a specific problem (e.g., a bug that affects only a few accounts).
- Customizing your experience: We use your data to personalize the service to you. This may include remembering your preferences for language or volume or displaying app that you might enjoy, based upon your viewing choices.
- Sending personalised notifications: We use your personal data to send personalised notifications to you which may include, receiving a Birthday Greeting from Flashat, and we may also notify your contacts and friends when it’s your birthday, unless you turn off this option from the “Privacy Settings”.
- To ensure network and data security: We process your personal information in order to enhance security, monitor and verify identity or service access, combat spam or other malware or security risks and to comply with applicable security laws and regulations. The threat landscape on the internet is constantly evolving, which makes it more important than ever that we have accurate and up-to-date information about your use of Flashat Services.
- Marketing and advertising: We use your data to display ads and send you offers. We may also use your data in delivering third-party advertisements to you. This may include "targeted ads" based upon your activities.
- Exercising our rights: Where reasonably necessary, we use your data to exercise our legal rights and prevent abuse of our service. For example, we may use your data to detect and prevent fraud, spam, or content that violates our terms of service.
- Legal compliance: We use your data where we are legally required to do so. For example, we may need to gather your data to respond to a subpoena or court order.
- Protecting your information: Where appropriate, we may anonymize, backup, and delete certain data.
- For research and development: We process your personal information to better understand the way you use and interact with Flashat's Services. In addition, we use such information to customize, measure, and improve Flashat features and the content and layout of our App and applications, and to develop new services.
We may use algorithms and other automated means to implement any of the above.
REMARKETING ON THE APP AND SERVICES
WITH WHOM WE SHARE YOUR DATA
We share data with third parties as follows:
- With your consent: We may share your data with third parties where we have obtained your express consent to do so. You may revoke these consents.
- Authorized vendors: We may share your data with third-party vendors that help us operate our services, process payments, and comply with your instructions and our contractual obligations. This includes payment processors, content delivery networks (cdns), cloud-based hosting services, monitoring services, email service providers, quality assurance and testing vendors, fraud and abuse prevention vendors, customer relations management (crm) vendors
- Advertising: We may share your data with advertising companies to display relevant ads to you. Unless you expressly agree, we will not share or sell your name, email address, or physical address with such persons.
- Analytics: We may share your data with persons who provide analytics showing how customers are using our services.
- Affiliates and advisors: We may share your data with our affiliates, and our auditors and advisors for planning, financial reporting, accounting, auditing, tax filings, and legal compliance. Unless you expressly agree, we will not share your data with our parent or any affiliate for other purposes, such as direct marketing.
- Certain legal situations: We may share your data where we believe disclosure is necessary to comply with a legal obligation or in connection with a corporate transaction.
- Aggregated or anonymized information: We may publicly disclose non-personal aggregated or anonymized information such as our number of visitors and registered users.
Flashat may occasionally send you push notifications through our mobile applications. You may at any time opt-out from receiving these types of communications by changing the settings on your mobile device. We may also collect location-based information if you use our mobile applications. You may opt-out of this collection by changing the settings on your mobile device.
DO NOT TRACK
Do Not Track (“DNT”) is a privacy preference that users can set in certain web browsers and devices. DNT is a way for users to inform websites and services that they do not want certain information about their webpage visits collected over time and across websites or online services. Please note that we do not respond to or honor DNT signals or similar mechanisms transmitted by web browsers.
INTEREST-BASED ADVERTISING TECHNOLOGIES
As noted above, you may limit advertising tracking using advertising identifiers through your mobile device’s privacy settings.
The online advertising industry also provides websites from which you may opt-out of receiving targeted ads from our data partners and our other advertising partners that participate in self-regulatory programs. You can access these, and also learn more about targeted advertising and consumer choice and privacy, at http://www.networkadvertising.org/managing/opt_out.asp, or http://www.youronlinechoices.eu/ and http://www.aboutads.info/choices/.
We retain your data for as long as you have an account. When you close an account, we will delete your personal information. We may retain logs of automatically collected information (for internal analytics); your email address; your tax information; communications with you; and your transactional information (for auditing, tax, and financial purposes). When we no longer have a business reason for retaining data, we will delete or anonymize it.
If we receive a legal process pertaining to your account, we will retain your data for as long as we in good faith believe is necessary to comply with the legal process. Similarly, if we believe that your account has been involved in wrongdoing, we may preserve your data to defend or assert our rights.
EEA Data Subjects
Legal Bases for Processing your Information:
For individuals who are located in the European Economic Area, United Kingdom or Switzerland (collectively “EEA Residents”) at the time their personal data is collected, we rely on legal bases for processing your information under Article 6 of the EU General Data Protection Regulation (“GDPR”). We generally only process your data where we are legally required to, where the processing is necessary to perform any contracts we entered with you (or to take steps at your request prior to entering into a contract with you), for our legitimate interests to operate our business or to protect Flashat App or your, property, rights, or safety, or where we have obtained your consent to do so. Below is a list of the purposes described in our policy with the corresponding legal bases for processing.
YOUR PRIVACY CHOICES
We enable you to make numerous choices about your data:
- You may choose not to provide us with certain information. For example, you may choose not to create an account or not to provide optional account information.
- You may change your account and privacy settings. You may change or correct information voluntarily submitted to us. We encourage you to keep your data current by viewing your settings page.
- You may opt out of receiving commercial emails from us.
- You may close your account.
- Users from certain countries may have additional rights.
OUR COPPA POLICY TOWARDS CHILDREN
Flashat complies with both the Children’s Online Privacy Protection Act of 1998 (COPPA) and, with regard to EU data subjects, with GDPR. We do not knowingly request to collect personal information required for Flashat Premium Membership from any person under the age of 16. If a user submitting personal information is suspected of being younger than 16 years of age, Flashat will prevent user from registering for Premium Plan or Package, cancel his/her membership without being liable to refund any paid subscription fees, also Flashat retains the Right to close such account and/or not allow such users to continue using Flashat Service. We will also take steps to delete the information as soon as possible.
Please notify us if you know of any individuals under the age of 16 using our Premium Services so we can take action to prevent access to our Services.
What is it?
- We will collect, save and store all information contained in your Flashat chat history for up to 90 days, including your photos, voice messages, videos, and sticker. If you are a premium user, you can elect to save this information on our servers for a longer period of time. You can permanently delete your Flashat chat history at any time.
How do we use it?
- To allow you to access your chat history, photos, and videos for your own purposes.
- To collect aggregated data from your chat history. We use the data to build language models which help us improve the Service. We will only collect this data on an aggregated basis, and in a manner which does not reveal any personally identifiable information about any individual user. We will use this data to help us understand our users’ interests, analyze trends, and customize the user experience.
CROSS BORDER TRANSFERS
To facilitate our global operations, Flashat may transfer, store, and process your information within our family of companies, partners, and service providers based throughout the world.
We contractually obligate recipients of your personal information to agree to at least the same level of privacy safeguards as required under applicable data protection laws. By communicating electronically with Flashat, you acknowledge and agree to your personal information being processed in this way.
If you have a complaint about our privacy practices and our collection, use or disclosure of personal information please submit your request via any of Flashat provided CONTACT US mediums.
DATA TRANSFERRED OUT OF THE EU
Our Estonian based company, Flashat OÜ, is the publisher of Flashat Mobile App, confirms its compliance with the EU-US Privacy Shield Framework. We are committed to subjecting all personal information received from European Union (EU) member countries, in reliance on the Privacy Shield Framework, to the Framework's applicable Principles. To learn more about the Privacy Shield Framework, visit the U.S. Department of Commerce's Privacy Shield List at https://www.privacyshield.gov.
Flashat does its best to process personal information it receives under the standards of Privacy Shield Framework and subsequently transfers to a third party acting as an agent on its behalf. Before we share your information with any third party that is not also certified under the EU-US Privacy Shield Framework, Flashat will enter into a written agreement that the third party provides at least the same level of privacy safeguard as required under those Frameworks, and assures the same level of protection for the personal information as required under applicable data protection laws.
Worldwide data subjects with inquiries or complaints relating to Flashat Privacy Shield internal policy should first contact Flashat by filling the CONTACT US form provided in www.flashat.com. If we are unable to resolve your complaint or dispute, you may refer your complaint to our designated independent dispute resolution mechanism, i.e. the International Centre for Dispute Resolution ("ICDR").
LEGAL BASES FOR PROCESSING (FOR EEA USERS):
If you are an individual in the European economic area (EEA), we collect and process information about you only where we have legal bases for doing so under applicable EU laws. The legal bases depend on the services you use and how you use them. This means we collect and use your information only where:
- We need it to provide you the services, including to operate the services, provide customer support and personalized features and to protect the safety and security of the services;
- It satisfies a legitimate interest (which is not overridden by your data protection interests), such as for research and development, to market and promote the services and to protect our legal rights and interests;
- You give us consent to do so for a specific purpose; or
- We need to process your data to comply with a legal obligation.
If you have consented to our use of information about you for a specific purpose, you have the right to change your mind at any time, but this will not affect any processing that has already taken place. Where we are using your information because we or a third party (e.g. your employer) have a legitimate interest to do so, you have the right to object to that use though, in some cases, and this may mean no longer using the services.
SECURITY MEASURES FOR SAFEGUARDING YOUR INFORMATION
Flashat takes appropriate security measures to protect against unauthorized access, alteration, disclosure or destruction of personal information. These include, but are not limited to, internal reviews of: (a) Flashat’s data collection; (b) storage and processing practices; (c) electronic security measures; and (d) physical security measures to guard against unauthorized access to systems where Flashat stores personal information. All Flashat employees, contractors and agents who access personal information are bound by confidentiality obligations and may be subject to discipline, including termination and criminal prosecution or unauthorized use or disclosure of personal information.
THIRD-PARTY APP SITE AND LINKS
The Flashat contents may contain links to third parties who may collect personal information and non-personal information directly from you. Additionally, Flashat may use third parties to provide components of the Flashat contents. In either case, such third parties may have separate privacy policies and data collection practices, independent of Flashat. Flashat: (a) has no responsibility or liability for these independent policies or actions; (b) is not responsible for the privacy practices or the content of such App; and (c) does not make any warranties or representations about the contents, products or services offered on such App or the security of any information you provide to them
MOBILE ADVERTISING IDENTIFIERS
What are they?
- Mobile advertising identifiers are identifiers used by mobile operating systems (Apple and/or Android) and made available to advertising providers to gather metrics on mobile apps (Apple’s IDFA or Google’s AAID) to help advertisers provide ads that may be more relevant to your interests.
How do we use them?
- To deliver content, including ads relevant to your interests, on the Flashat mobile app. Third party advertisers and advertising networks may use advertising identifiers collected from your Flashat app to deliver ads they believe are relevant to you in other third party apps.
Other things you should know:
- Third party advertisers on the Service can access your IP address and mobile advertising identifiers. You can change the mobile advertising identifiers in your mobile device or limit advertising tracking through your mobile device’s privacy settings.
CALIFORNIA / DELAWARE DO NOT TRACK DISCLOSURES
Various third parties are developing or have developed signals or other mechanisms for the expression of consumer choice regarding the collection of information about an individual consumer’s online activities over time and across third-party web sites or online services (e.g., browsers do not track signals). Currently, Flashat do not monitor or take any action with respect to these signals or other mechanisms.
By creating an account, you consent to receive commercial emails from us. This includes newsletters and offers. Users from certain countries may have the ability to opt out or opt in at the time of account creation. All users may decline to receive commercial messages in their account settings. Please note that any opt-out request may take several days to process and you will continue to receive transactional emails from us (e.g., emails confirming transactions and/or providing information about your account).
We are committed to maintaining the security of your personal data and have measures in place to protect against the loss, misuse, and alteration of the data under our control. We employ modern and secure techniques to protect our systems from intrusion by unauthorized individuals, and we regularly upgrade our security as better methods become available.
Our data centers and those of our partners utilize modern physical security measures to prevent unauthorized access to the facility. In addition, all personal data is stored in a secure location behind firewalls and other sophisticated security systems with limited (need-to-know) administrative access.
All our employees who have access to, or are associated with, the processing of personal data are contractually obligated to respect the confidentiality of your data and abide by the privacy standards we have established. Please be aware that no security measures are perfect or impenetrable. Therefore, although we use industry standard practices to protect your privacy, we cannot (and do not) guarantee the absolute security of personal data.
The App may offer chat rooms, Chatbots, forums, message boards, or news groups to users. It is important to remember that any information disclosed in these areas becomes public information. Accordingly, as with any public forum, you should exercise extreme caution when deciding whether to disclose your personal information.
GDPR STATEMENT FOR (EEA USERS)
This applies only to natural persons residing in the European economic area (for the purpose of this section only, "you" or "your" shall be limited accordingly). It is Flashat's policy to comply with the EU'S general data protection regulation (GDPR). In accordance with the GDPR, we may transfer your personal information from your home country to the United States (or other countries) based upon the following legal frameworks:
- Legitimate business interests: We could not provide our services or comply with our obligations to you without transferring your personal information to the United States
- Consent: We may transfer your personal information when we receive your express, revocable consent.
- Our use of standard contractual clauses (also known as "model clauses") where appropriate.
We enable exercise of these rights primarily through our services (which we reserve the right to modify). We also fulfil our obligations in response to direct requests. We will endeavor to process requests within one month. Please note that we may not be able to comply with requests to the extent that they would cause us to violate any law or infringe any other person's rights. We reserve the right to request appropriate identification. We will process requests free of charge unless they would impose an unreasonable cost on us.
If you have a request, complaint or inquiry, please contact our data protection officer at the address listed below. We are committed to working with you to obtain a fair resolution of any issue. You also have the right to file a complaint with the supervisory data protection authority of your jurisdiction.
GDPR Data Privacy User Rights
If you are an EU resident and Flashat is processing, and/or transmitting your personal data, then you - as an “EU data subject” – benefit from the following rights and privileges under the General Data Protection Regulation (GDPR):
- Right of Access: You have the right to obtain from us, as controllers, confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, access to the following personal data and information:
- The purposes of the processing;
- The categories of personal data concerned; i.e name, email, phone number etc. ;
- The recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations’;
- Where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
- The existence of the right to request from us rectification or erasure of personal data or restriction of processing of personal data concerning you or to object to such processing; (f) the right to lodge a complaint with a supervisory authority (for a list of supervisory authorities, see https://edpb.europa.eu/about-edpb/board/members_en);
- Where the personal data are not collected from you, any available information as to their source;
- The existence of automated decision-making, including profiling, along the lines indicated by Article 22(1) and (4) GDPR, and meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for you.
- Right to Rectification: You have the right to obtain from us without undue delay the rectification of inaccurate personal data concerned, provided during registration by him or her. Taking into account the purposes of the processing, the user(s) have the Right to request his/their incomplete personal data be completed, including by means of providing a supplementary statement.
- Right to Erasure (“Right to be Forgotten): You have the right to obtain from us the erasure of your personal data without undue delay, and we have the obligation to erase personal data without undue delay when: a) your data are no longer necessary for the purposes for which they were collected; b) you had consented to the processing; c) you have objected to the processing, as per below; d) your persona data had been unlawfully collected; e) your personal data need to be erased as a matter of compliance with a legal obligation.
- Right to Restriction of Processing: You have the right to obtain from us the restriction of processing, if: a) you contest the accuracy of the personal data, until this is verified; b) the processing is unlawful but you don’t want erasure; c) we no longer need the personal data, but you require them to establish, exercise to defend a legal claim; d) you have objected to processing but there is a need to verify whether our legitimate grounds override your rights to object.
- Right to Data Portability: Where your personal data have been provided on the basis of your consent or for the performance of a contract, and their processing occurs in an automated way, you have the right to receive the personal data you have provided to us in a structured, commonly used and machine-readable format and have the right to transmit those data– or have directly transmitted - to another controller.
Right to Object: You have the Right to Object, on grounds relating to your particular situation, at any time to processing of your personal data based on a legitimate ground point (e) or (f) of Article 6(1), including profiling based on those provisions. In this case, we can no longer process your personal data unless we show that there is a compelling legitimate ground for the processing which override your interests, rights and freedoms or for our establishment, exercise or defense of legal claims.
YOUR RIGHT TO WITHDRAW CONSENT
Where the processing of your personal information by us is based on consent, you have the right to withdraw that consent without detriment at any time by contacting us email@example.com. You can also change your marketing preferences
You can also exercise the rights listed above at any time by contacting us at firstname.lastname@example.org.
If your request or concern is not satisfactorily resolved by us, you may contact our data protection officer, his email is email@example.com.
He can provide further information about your rights and our obligations in relation to your personal data, as well as deal with any complaints that you have about our processing of your personal data.
OPTING OUT OF MESSAGES FROM US
To opt-out of any future promotional messages from us, you should unsubscribe in the body of the promotional message that was sent to you (found at the bottom of the email) or send an unsubscribe request to us at firstname.lastname@example.org. We will process your request within a reasonable time after receipt.
OPTING OUT OF SHARING WITH THIRD PARTIES FOR MARKETING
If you do not want your Personal Information or Personal Data shared with any third party who may use such information for direct marketing purposes, then you may opt-out of such disclosures by sending an email to email@example.com. Please note that if you opt out in this manner, certain aspects of the App and platform may no longer be available to you. We will process your request within a reasonable time after receipt.
OPTING OUT OF INTEREST BASED ADVERTISING
CALIFORNIA RESIDENTS CONSUMER ACT CCPA
California residents are entitled to ask us for a notice identifying the categories of Personal
Information which we share with our affiliates and/or third parties for marketing purposes, and providing contact information for such affiliates and/or third parties. If you are a California resident and would like a copy of this notice, please submit a written request to:firstname.lastname@example.org.
If you are a resident of the European Economic Area, please see the section below headed “Additional Information for users in the European Economic Area” for further information about your privacy rights.
CALIFORNIA RESIDENT RIGHTS (CCPA)
If you are a California resident who has provided us with your Personal Information during the creation of or during the course of establishing a relationship that is primarily for personal, family, or household purposes, you may, once per calendar year, request information regarding our disclosure of certain categories of your Personal Information. Specifically, pursuant to California Civil Code 1798.83 (the “Shine the Light” law), we will provide you a list of the categories of Personal Information disclosed to third parties for their direct marketing purposes during the immediately preceding calendar year, along with the names and addresses of these third parties. You maymust submit your request to us either atby our e-mail address email@example.com.
PRIVACY COMPLAINTS PROCEDURE
Where you believe that we have not complied with our obligations under this Privacy Notice, or the applicable law, you may have the right to make a complaint to a relevant Data Protection Authority or through the courts. Although not required, we would encourage you to let us know about any complaint you might have and Flashat will respond in line with our complaints procedure – our contact details are set out in the contact us section below.
We want to deal with your concerns fairly, effectively and promptly. However, some complaints are more complex than others and may take some time to investigate.
- We will acknowledge your complaint promptly after receiving it.
- We will keep you informed throughout any investigation.
In order to assist in the speedy resolution of any complaint you may have, it’s important that we understand your complaint fully. Sometimes this means we may ask you to address your concerns to us in writing. This can be either by email or post to the addresses. We have established internal procedures for investigating any complaint, which may also involve experienced members of staff from Flashat Companies considering or investigating the complaint. Where appropriate, the complaint will be dealt with by someone who was not directly involved in the matter which is the subject of your complaint. The member of staff will either have authority to settle your complaint or will have ready access to someone who has the authority. Our response will fully address the subject matter of your complaint and, if appropriate, will offer redress. If you phone us during our investigation and the member of staff handling your complaint is not available, then another member of our team will try to assist you.
Unless applicable data protection laws require responses within shorter timescales, we will try to resolve any privacy complaints you have within 15 business days of receiving your complaint and in exceptional circumstances, within 35 business days (and we will let you know if this is the case).
As noted above, if you are not satisfied with our reply/outcome, or otherwise with the handling of the complaint, you may have the right to lodge a claim before a relevant Data Protection Authority or the courts.
SECURITY AND PERSONAL INFORMATION
The Site uses its best endeavors to store all Personal Information on servers with restricted access, and all electronic storage and transmission of Personal Information are secured with appropriate security technologies. Not to withstand the foregoing, the app cannot guarantee that such precautions would render the Site and its servers immune to security breaches.