justgoodapp

COMOTE’S PRIVACY POLICY

The protection of users' privacy is vitally important to Comote (hereinafter referred to as: the “Comote” or “We”, “Us“, “Our”).

Below you shall find the policy concerning the personal data gathering jointly with the rules governing its processing and usage implemented and subsequently used by Comote (hereinafter referred to as: the “Policy”).

We are committed to make every possible endeavour to protect Our Users' personal data and privacy. Therefore, gathering, management and usage of information concerning the Comote’s Website Users is limited to the bare minimum being required by Us in order to provide you with the highest quality services.

Regulation 2016/679 of the European Parliament and of the Council (EU) of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as: “GDPR”) establishes Us as a Data Controller. Data Controller shall be understood an entity which independently or jointly with others determines the purposes and the means of personal data processing.

What is personal data?

The personal data shall be understood as the information by means of which We may identify the User(s) of Our https://justgoodapp.com/ website (hereinafter referred to as: the “Website”) as an individualised person(s). Identification can take place directly or indirectly.

The data being collected at Our Website relates to the activity of the User(s); the term of “User” is specified by Our Terms of Service.

What is personal data processing?

Personal data processing shall mean any operation or a set of operations which is performed on personal data or on sets of personal data, whether or not by the automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or sharing in another way, alignment or combination, restriction, erasure or destruction.

What personal data do We process, for what purposes and what are the legal grounds for such processing?

We do not process sensitive personal data such as race and ethnicity, political views, religious or philosophical views, trade union membership, physical and mental health details, genetic data, biometric data, sexuality, and criminal record.

Comote process information – not necessarily any personal data, but so called metadata - collected within and via Website which might be and / or become a personal data of User(s); details are specified by the table below.

Data used	Purpose of use	Legal grounds of use
Cookies, Device Information, and Online Identifiers - Cookies, browser type, language, screen size, and device identifiers	To recognize the User’s device and enable consistent tracking and service functionality	Given consent – GDPR, article 6. 1. (a)
Limited Data for Advertising - Website/app usage, device type, and non-precise location	To select and deliver ads based on minimal data without detailed profiling	Given consent – GDPR, article 6. 1. (a) and / or Controllers legitimate interest - GDPR, article 6. 1. (f)
Activity Information and Combined Data for Advertising Profiles - Forms submitted, pages viewed, and combined activity data from other services	To create advertising profiles based on the User’s interests and behaviours for personalized ad delivery	Given consent – GDPR, article 6. 1. (a)
Activity Information and Combined Data for Personalized Content - Forms submitted, content interactions, and data from similar users	To create content profiles to personalize and optimize the User's content experience	Given consent – GDPR, article 6. 1. (a)
Advertising Interaction Data - ads viewed, clicks made, and actions taken after interacting with ads	To measure the effectiveness of ad campaigns and improve future targeting	Given consent – GDPR, article 6. 1. (a) and / or Controllers legitimate interest - GDPR, article 6. 1. (f)
Content Interaction Data - Articles read, videos watched, and time spent interacting with content	To evaluate the performance and relevance of non-advertising content	Given consent – GDPR, article 6. 1. (a) and / or Controllers legitimate interest - GDPR, article 6. 1. (f)
Data from Combined Sources Data Used - User profiles, market research, and analytics data	To generate audience insights and identify trends among the User and similar profiles	Given consent – GDPR, article 6. 1. (a) and / or Controllers legitimate interest - GDPR, article 6. 1. (f)
Interaction Data for Service Improvement - Ads and content engagement data, including frequency and type of interactions	To enhance and develop services based on patterns in the User’s engagement	Given consent – GDPR, article 6. 1. (a) and / or Controllers legitimate interest - GDPR, article 6. 1. (f)
Device and Limited Interaction Data for Content Selection - Device type, current website/app usage, and previous content interactions	To select relevant content and avoid repetitive displays for the User	Given consent – GDPR, article 6. 1. (a) and / or Controllers legitimate interest - GDPR, article 6. 1. (f)
Security and Fraud Prevention Data - System logs, anomalous activity patterns, and ad click data	To detect and prevent fraudulent activities and ensure system security for the User	Controllers legitimate interest - GDPR, article 6. 1. (f)
Technical Device Information - IP address, browser type, and device capabilities	To ensure compatibility and seamless delivery of content or ads to the User’s device	Necessity for contract performance - GDPR, article 6. 1. (b)
Privacy Preferences - Choices regarding data usage and vendor preferences	To save and enforce the User’s privacy settings across services	Controllers legitimate interest - GDPR, article 6. 1. (f)
Combined Data from External Sources - Loyalty card usage, surveys, and activity data from other platforms.	To link and analyse data from multiple sources for improved targeting and service quality	Controllers legitimate interest - GDPR, article 6. 1. (f)
Device Linking Data - Shared logins and internet connection data from the User’s devices	To link multiple devices belonging to the User for seamless cross-platform service.	Controllers legitimate interest - GDPR, article 6. 1. (f)
Automatically Transmitted Device Information - IP address, browser details, and other automatically shared device data	To distinguish the User’s device for personalization and analytics.	Controllers legitimate interest - GDPR, article 6. 1. (f)
Precise Geolocation Data - GPS-based location data within a 500-meter radius	To provide location-specific services, ads, and content to the User	Given consent – GDPR, article 6. 1. (a)

For how long do We storage personal data?

The term upon which We are allowed to storage and therefore process personal data is dependent on the legal basis for which data gathering took place. Comote’s does not process personal data for a period longer than the said legal basis allows, what shall be deemed as the following:

personal data gathered on the grounds of the consent being given –
- the processing period shall last until the consent is withdrawn;
personal data gathered on the grounds of necessity for the execution of a contract to which the User is a party (namely, Our Terms of Service) –
- the processing period shall last until the given contract expires, or is terminated, + six (6) years;
personal data gathered on the grounds of the justified interest –
- the processing period shall last until such interest exists, or until the User whose data is processed opposes to such processing, whatever appears first.

If there are no specific legal or contractual requirements for personal data retention, the basic term shall be no longer than ten (10) years.

Do We transfer personal data to the third-parties?

Comote may transfer personal data to the third-parties on contractual bases; in this respect, pursuant to GDPRs relevant provisions We are remaining the data controller, while the aforementioned third-party becomes the data processor. Therefore, in each such contract We embed terms and safety mechanisms in order to ensure Our standards for data protection - their confidentiality, integrity and security. Comote retains control over the method and scope of processing by the party vested in the data processing agreement(s). As a result, the third-party recipients of personal data processed on Our behalf may inter alia include:

data protection and data security services providers;
data analytics services providers;
hosting services providers;
software, maintenance and / or hardware services providers;
marketing and / or sales representatives acting on behalf of Comote;
Comote’s subcontractors;
survey reports providers;
accountants, strategy and business consultants, legal and tax advisors.

To which countries do We transfer personal data?

Some of the third-parties (processors) to which we transfer the personal data may be based outside the European Economic Area (hereinafter referred to as: the “EEA”), in particular within the United States of America.

Comote remains committed to minimise the range, amount and value of the personal data being transferred outside the EEA.

What about the references to websites other than https://justgoodapp.com ?

Comote shall not be deemed responsible for data privacy protection rules applied by the other websites than https://justgoodapp.com, to which links are provided at the Website. Users are requested to familiarise themselves with the data privacy policies and / or statements being placed at Our partners website(s).

Do We automatically process personal data?

Personal data of Our Users may be processed in an automated way, including profiling. Provided that Comote holds a relevant consent, for such purposes, We may also cooperate in this matter with a third-party entities.

How do We protect personal data?

Comote makes all possible efforts to ensure all physical, technical, and organizational measures for personal data protection are in place in order to safeguard it against: accidental and / or deliberate destruction, accidental loss, alteration and / or unauthorised disclosure. We also assure that each and every data processing being performed by Us is in compliance with all applicable laws, regulations and policies.

What are the Users rights with respect to personal data We collected?

Once We collected your personal data, as a User you are vested with the following rights:

to access your personal data;
to rectify your personal data;
to remove your personal data (right to be forgotten);
to limit the personal data being processed;
to transfer your personal data to another data controller;
to file an objection against the way of personal data processing, what also includes profiling;
to withdraw your consent to process your personal data at any moment without affecting the legitimacy of processing performed on the basis of your consent being given prior to such withdrawal;
to file a complaint to the relevant Data Protection Authority, when you believe that personal data processing performed by Us violates the provision(s) of law.

Who is the Personal Data Controller and how to contact her?

The personal data controller is COMOTE SPÓŁKA AKCYJNA having its business premises in Wroclaw, Poland, 50-089, on ul. Swobodna 1, with National Court Register number (KRS): 0000935035.

Please contact Us via email: [email protected]

What about the amendments of this Policy?

Updates in Our Policy usually reflects the technology development(s) and / or changes in the legal environment we operate in. We are also committed to follow the data protection guidelines and / or recommendations issued by the National and International Authorities.

For those reasons we reserve the right to amend the current Policy as needed.