PRIVACY POLICY FOR CHEERFY USER SERVICES

By means of this Privacy Policy, Cheerfy Ltd. (“CHEERFY”, “we”, “us” and “our”) wants to inform you about the Processing of your Personal Data while using our User Services. Below you will find information on what Personal Data we collect about you, how we use it, for which purposes we use it, with whom we share it and which rights you have regarding the Processing of your Personal Data.

If you have any questions, concerns or comments about this Privacy Policy or any requests regarding the Processing of your Personal Data, please contact our Data Protection Officer via dpo@cheerfy.com.

  1. Definitions

    Personal Data:means any information relating to a natural person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, or an online identifier.

    Basic Profile Information:means Personal Data you provide us with during the registration process and while using our Services which will include, inter alia: your name, date of birth, age, sex, photographic material, city and/or country of residence and/or birth, email address, phone number, credentials to access some or all of this information on your social network profiles (Facebook or LinkedIn) as well as information that is publically available on those profiles.

    Business Specific Information:means Personal Data collected through customer surveys and during your visit to a Business’ premise, including inter alia: date, time, duration and frequency of your visits, your presence at a Business Premises, your preferences observed by the Business as well as information we collect when you visit our website or use our mobile applications like, inter alia: the full Uniform Resource Locators (URL) clickstream to, through and from our Services (including date and time), page response times on websites, download errors, the length of visits to certain areas, page and mobile application interaction information (such as scrolling, clicks and mouse-overs), and the methods you are using to browse away from pages.

    Device Information:means Personal Data relating to technical information that is automatically collected in order to provide the service to you such as the Internet protocol (IP) address used to connect to the internet, login information, browser type and version, time zone setting, browser plug-in types and versions, device model, operating system and platform as well as the MAC (Medium Access Control) address of your device, which is a unique identifier assigned by the device manufacturer.

    Processing:means any operation which is performed on Personal Data, such as collection, recording, organising, structuring, storing, adaptation or any kind of disclosure or other use.

    Businesses:means the businesses who have subscribed the CHEERFY Business service.

    Business Affiliates:means any entity controlling, controlled by, or under common control with the Business, any entity operating under the same brand as the Business or the owner of the venue visited.

  2. Purposes of the Processing

    In this section, we have set out information about the Personal Data we Process, the purposes we use the Personal Data for and the legal bases for the Processing of your Personal Data.

    1. If you want to use our Services you need to register at a Business by connecting with a Wi-Fi device (e.g. a smartphone, tablet, or computer) to the Wi-Fi Network owned by each Business visited. During the registration process and while using our Services you provide us with Basic Profile Information and Business Specific Information. The legal basis for this Processing of your Personal Data is Art. 6 (1) 1 lit. b GDPR.
    2. During your visits to a Business’ premises we will collect Business Specific Information. The legal bases for this Processing of your Personal Data are Art. 6 (1) 1 lit. b and f GDPR. We Process this Personal Data in order to pursue our legitimate interest to maintain the CHEERFY Services targeted towards specific End Users and Businesses.
    3. When you visit our website or use our mobile applications, we will collect additional Business Specific Information. The legal bases for this Processing are Art. 6 (1) 1 lit. b GDPR and Art. 6 (1) 1 lit. f GDPR. We Process this information to pursue our legitimate interests to analyse the usage of our Services and to enhance your user experience.
    4. If you are browsing through the internet during your visit to a Business’ premises, we will never monitor your activity. Note a Business may restrict at its own discretion access to certain websites.
    5. Additionally, CHEERFY will collect any phone number that is used to call our customer service as well. The legal bases for this Processing of your Personal Data are Art. 6 (1) 1 lit. b and Art. 6 (1) 1 lit. f GDPR. We Process this information to pursue our legitimate interest to provide you with adequate customer support.
    6. While you use our Services, we may automatically collect Device Information. The legal basis for this Processing is Art. 6 (1) 1 lit. b GDPR.
    7. In order to distinguish one End User from another, we may use your Device Information to automatically identify you at your arrival at a Business’ premises and authenticate your device when you are using our Services. The legal basis for this Processing is Art. 6 (1) 1 lit. f GDPR. We Process this information to pursue our legitimate interest to increase the usability of our Services and to provide our Services in a more user friendly way.
    8. To enhance your experience while using our Services and to provide you with targeted Services and information, CHEERFY Processes certain Personal Data to send you information and direct advertising via electronic messages for goods or services similar to the ones you have already obtained and to analyse the acceptance of the electronic advertising (e.g. by recording whether you have read an electronic message or clicked on links). The legal basis for this Processing of your Personal Data is Art. 6 (1) 1 lit. b GDPR.
  3. Disclosure of Personal Data

    In this section, we have set out information about the parties to whom your Personal Data may be disclosed and the legal bases for the disclosure.

    1. In order to provide our Services to you, we will disclose your Personal Data to recipients residing in or outside the European Economic Area (“EEA”).Please notethat Business Specific Information will only be shared with the specific Business which you visited while this information was collected and its Business Affiliates. Device Information will only be shared with our Service Providers. The recipients of the aforementioned Personal Data encompass the following categories:
      1. The Businesses you visit
      2. Business Affiliates of the Businesses you visit

        Service Providers (“Processors”) which helps us to provide our Services to you.

        The legal basis for this disclosure of your Personal Data to recipients mentioned in (a) and (b) is Art. 6 (1) 1 lit. b GDPR. To ensure that the transfer does not disproportionately interfere with your rights and freedoms, and in order to determine the respective responsibilities for compliance with the obligations under the EU General Data Protection Regulation, an agreement was concluded between us and the above mentioned parties. This agreement constitutes an arrangement between joint controllers in the meaning of Art. 26 GDPR and regulates (i) the transfer of the Personal Data collected and the limitation of use of such transferred Personal Data for the provision of our Services, (ii) technical and organisational measures to be taken by us and the third parties to protect the transferred Personal Data and (iii) your rights with regard to the transferred Personal Data as described below and the fact that those rights can be exercised against us or any of the third parties.

      3. In the scope of our Processing activities mentioned above, we will disclose your Personal Data to other Processors residing in the EU mentioned in (c) that will assist us in providing our Services and Process your Personal Data on our behalf and under our control. The legal basis for this disclosure of your Personal Data is Art. 28 GDPR.
      4. Please note:To ensure that your Personal Data will be used only to the extent necessary and in compliance with legal requirements and our instructions, we have bound our Processors by concluding Data Processing Agreements with them. This way, we made sure that your Personal Data will be Processed only for the purposes mentioned above.
      5. Please note that your data may be transferred to a third country outside the EEA. Those countries may not provide adequate level of data protection. CHEERFY shall ensure that such a transfer will be performed either to countries which have adequate level of data protection (according to the European Commission’s Adequacy decisions) or CHEERFY will conclude Standard Contractual Clauses with each recipient that reside in a country which is not covered by an Adequacy decision of the European Commission. The Standard Contractual Clauses can be viewed here: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/model-contracts-transfer-personal-data-third-countries_en.
  4. Retention periods

    We strive to limit our Processing activities with respect to your Personal Data. Your Personal Data will, therefore, be retained only for as long as you remain registered for our Services and, if applicable, as long as required by statutory retention requirements. If you close your CHEERFY account, we will delete all Personal Data we hold about you.

  5. Registration for our Services

    In order to use our Services, you need to register. We process the Personal Data mentioned in section 2 of this Privacy Policy in order to provide you with our Services. All further information is provided voluntarily by you.

  6. Automated decision making

    We use your Personal Data to perform automated decision making including profiling. These decisions are used to provide the CHEERFY Services targeted with respect to specific End Users and Businesses and are based on products and services that each Business considers relevant to you based on your Personal Data and your visits to the Business Premises.

  7. Data security
    1. Please note that the transmission of information via the Internet is not completely secure. Although we will do our best to protect all Personal Data, we cannot guarantee its security when it is transmitted via our Services; any transmission takes place at your own risk. However, once we have received your Personal Data, we will use strict procedures and security features to prevent unauthorised access.
    2. The CHEERFY mobile applications and website may, from time to time, contain links to and from the mobile applications and websites of our partner networks, advertisers and affiliates. These mobile applications and websites have their own Privacy Policies and we do not accept any responsibility or liability for these Policies. Please check the respective Privacy Policies before you submit any Personal Data to these websites and mobile applications.
  8. Your rights

    In this section, we have set out information about your rights regarding our Processing of your Personal Data. Depending on the specifics of the case, you may be entitled to exercise some or all of the following rights. You may:

    1. require (i) information whether your Personal Data is retained and (ii) access to and/or (iii) duplicates of your Personal Data retained, including the purposes of the processing, the categories of data concerned, and the recipients or categories of recipients to whom the data are disclosed and where possible, the envisaged period for which the Personal Data will be stored, or, if not possible, the criteria used to determine that period;
    2. receive your Personal Data in a structured, commonly used and machine-readable format and transmit your Personal Data to another controller without our hindrance; where technically feasible you may have the right to have the Personal Data transmitted directly from us to another controller;
    3. request proper rectification, erasure or restriction of your Personal Data, e.g. because it is incomplete or inaccurate, it is no longer needed for the purposes for which it was collected, the consent on which the Processing was based has been withdrawn, or you have taken advantage of an existing right to object to the Data Processing; in case the Personal Data is Processed by third parties, your request for rectification, erasure or restriction will be forwarded also to such third parties unless this proves impossible or involves disproportionate effort;
    4. refuse to provide and – without impact to data Processing activities that have taken place before such withdrawal or to any other existing legal justification of the Processing activity in question – withdraw your consent to Processing of your Personal Data at any time;
    5. take legal actions in relation to any potential breach of your rights regarding the Processing of your Personal Data, as well as to lodge complaints before the competent Data Protection Regulators; and/or
    6. require tonot be subject to any automated decision making, including profiling (automatic decisions based on Data Processing by automatic means, for the purpose of assessing several personal aspects) which produce legal effects on you or affects you with similar significance.

      Additionally, you shall be entitled to object to the Processing of your Personal Data:

    7. at any time, if your Personal Data is used for direct marketing purposes; and
    8. based on grounds relating to your particular situation, if your Personal Data is Processed for other purposes.

Last modified: 24th May 2018