UPCARTA IN-APP PRIVACY POLICY

As Upcarta, we prioritize the protection and privacy of your personal data. We adhere to the standards set forth by the Regulation (EU) 2016/679 (General Data Protection Regulation, "GDPR"). Our commitment to safeguarding your information is outlined in this comprehensive Privacy Policy, elucidating our practices related to data collection, processing, and security.

The scope of individuals from whom we collect and utilize data includes customers (or users) and any affiliated third parties connected to these customers. It encompasses all individuals with whom our organization maintains a relationship or may need to communicate. This Privacy Policy applies to the processing of any personal data by our organization through the Upcarta App (“App”)

1. Data Controller

Your data is processed by "Upcarta" through various monitoring tools and outsourcing processes on Upcarta App (“App”) by the GDPR. You can find your data processed depending on your actions on the App within the scope of this In-App Privacy Policy ("Policy").

2. Data Processor

In addition to Upcarta as the data controller, the data may be accessible in certain cases to specific individuals involved in the operation of this App (administration, sales, marketing, legal, system administration), or to external parties (such as third-party technical service providers, mail carriers, hosting providers, IT companies, communications agencies) who, if necessary, have been appointed as data processors by us to process your personal data on our behalf. Our data processors and the data they process are listed as follows;

• Google Analytics: Processes data such as name, IP-number, user behavior, and e-mail address for data storage, processing, and analysis.
• Mixpanel: Mixpanel’s use of collected information is detailed in the "Privacy Policy" section of its [terms of use]. You can opt out of Mixpanel’s automatic data retention.
• App Center – Beta Testing: Processes personal data such as country, device information, email address, first name, usage data, and user ID.
• TestFlight: Processes app information, device information, email address, and first name.
• Google Play Beta Testing: Processes device information, device logs, email address, and first name.

3. Method of Collection and Processing of Personal Data, Purpose of Processing and Legal Reason 

Android/IOS device collects your personal data at any time when you use the App or when you want them to be tracked according to the App's features and the scope of the permission you may and will give. We employ robust security measures to prevent unauthorized access, disclosure, alteration, or unauthorized destruction of the data. The data processing is conducted using computers and/or IT-enabled tools, strictly adhering to organizational procedures and modes that align with the indicated purposes. In case we need to list their processing purposes according to the nature of your collected and trackable personal data collected;

Collected Data	Intended Use	Legal Grounds
Full name, e-mail address, user ID	They are processed when users sign up the App.	Pursuant to Article 6/1(a) of the GDPR, subject to the User’s consent
Twitter Login ID	They are processed in case the user logs in with Twitter.	Pursuant to Article 6/1(a) of the GDPR, if the User chooses to log in with the Twitter option, subject to the User's consent
Google Login ID	They are processed in case the user logs in with Google.	Pursuant to Article 6/1(a) of the GDPR, if the User chooses to log in with the Google option, subject to the User's consent
Twitter Followers/List data	They are processed in case the user logs in with Twitter.	Pursuant to Article 6/1(a) of the GDPR, if the User chooses to log in with the Twitter option, subject to the User's consent
Activity data	They reveal data regarding the time the user spends on the App.	Pursuant to Article 6/1(f) of the GDPR, necessary for the legitimate interests of the controller providing that it does not override the interests or fundamental rights and freedoms of the data subject
Device information	On the App, the IP address, the hardware and software information of the device are processed.	Pursuant to Article 6/1(f) of the GDPR, necessary for the legitimate interests of the controller providing that it does not override the interests or fundamental rights and freedoms of the data subject
Marketing and communications data	They are processed to send the users newsletters and emails.	Pursuant to Article 6/1(a) of the GDPR, the User chooses to receive newsletters and emails by changing their device or account settings

It is important to note that users are responsible for any third-party personal data obtained, published, or shared through the App. They affirm that they have received the third party's consent to provide the data to the data subject.

4. Change of Purpose

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal data for an unrelated purpose, we will inform you and explain the legal basis which allows us to do so. Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

5. Transfer of the Personal Data

As Upcarta, we share your personal data with our business partners we work with to provide the features in the App under confidentiality obligations. Your personal data is shared if required by law or to enforce our terms or this Privacy Policy.

In cases where our data processors transfer your personal data outside the EU/EEA, we ensure that the level of protection is adequate and compliant with applicable law by verifying one of the following:

• The EU Commission has determined that the third country where the data is processed provides adequate protection.
• The Processor has signed the EU Commission’s standard contract clauses for data transfer to non-EU/EEA countries.
• The Processor has taken other appropriate safeguards prior to the transfer, in compliance with applicable law.

We have entered into Data Processing Agreements (DPA) with all our processors, outlining how they may process the personal data and the security measures required for processing.  We may also need to disclose your personal information to certain designated authorities to fulfill obligations under applicable law or legally binding judgements.

6. Data Retention

We retain your personal data only as long as it is necessary to provide you with the App and for legitimate and essential business purposes. If you use the App, we keep your personal data. Should you request it, we will delete or anonymize your personal data unless we are legally allowed or required to maintain it. In the event of a complaint or if we reasonably anticipate potential litigation, we may retain your personal data for a longer period.

7. Data Protection

At Upcarta, your data security is our top priority. We have implemented a variety of organizational and technical security measures to protect your personal data. These include:

• Organizational Security Measures: We have established secure work methods and routines such as robust login and password management to protect your data.
• Technical Security Measures: Our technical solutions include, but are not limited to, encryption, access control levels, access logs, firewalls, regular back-ups, and routine security inspections to ensure the safety of your data.

Any personal data collected by us is accessible only by a select group of employees who have special access rights to our systems. These employees are obligated to maintain the confidentiality of your data. When we use subcontractors to store your data, we ensure that we do not relinquish control of your personal data or expose it to security risks that would not have arisen had the data remained in our possession.

It is important to note that no transmission of data over the internet can be guaranteed to be entirely secure. Potential third parties, not under the control of Upcarta, could possibly intercept or access transmissions or private communications unlawfully. While we strive to protect your personal data, we cannot ensure or warrant the absolute security of any personal data you transmit to us. Therefore, any such transmission is done at your own risk.

8. Third-Party Links

The App includes links to third-party websites, plug-ins, and applications. Clicking on these links or enabling these connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy practices. We recommend you review the privacy policy of every website you visit when you leave the App.

9. Your Rights

Pursuant to Chapter 3 (Art. 12 - 23) and Chapter 8 (Art. 77 - 84) of the GDPR, by contacting Upcarta through the methods in the "Contact" section of this Policy, you have the rights to

• Learn whether your personal data is being collected,
• Request information if your Personal data has been collected,
• Learn the purpose of collecting personal data and whether they are obtained in accordance with their purpose,
• Learn whether your personal data is being processed,
• Request information if your personal data has been processed,
• Learn the purpose of processing personal data and whether they are used in accordance with their purpose,
• Know the third parties to whom your personal data is transferred domestically or abroad,
• Request rectification of your personal data if they are inaccurate or incomplete,
• Withdraw consent to processing your personal data,
• Request the erasure of your personal data (Right to be forgotten),
• Request the restriction of processing your personal data,
• Request notification regarding any rectification or erasure of your personal data or restriction of processing,
• Receive your personal data in a portable format and to transmit those to another controller without hindrance,
• Object at any time to processing of your personal data,
• Lodge a complaint with a supervisory authority due to the unlawful processing of personal data,
• An effective judicial remedy due to the unlawful processing of your personal data,
• Right to receive compensation for the material or non-material damage incurred due to the unlawful processing of your personal data.

10. Policy Changes Notification

We regularly review and update our Privacy Policy, with all revisions made available on this webpage. The current version is dated 14 July 2023 By using Upcarta, you agree to the data collection and usage outlined in this Privacy Policy. Continued access or use of Upcarta will be regarded as your explicit acceptance of any changes to this Privacy Policy.

11. Contact

You can send your applications to Upcarta’s e-mail address info@upcarta.com which is the e-mail address of Upcarta as the data controller allocated for this application procedure, via your registered e-mail on the system or in writing to Upcarta’s address specified below (We would like to remind you that in cases where the relevant request must be made pursuant to a certain procedure as required by law, this procedure must be followed).

Address:

Upcarta (1416 Digital Ltd)

Demsa Accounts, 278 Langham Road,

London, United Kingdom  

N15 3NP

Phone: +905550645537