InCode PRIVACY POLICY

 

 

InCode Privacy Policy (the “Policy”) explains all the privacy matters you may face when using our website, shiyour.com and InCode’s mobile (the “App”), jointly the “Service”. (“InCode” or “we”). 

 

This Policy is an integral part of (the “Terms”) and incorporated by reference into them. Please read this Policy carefully and if you have any questions, feel free to contact us at shiyour@htomail.com. In case you have any ongoing questions about how to exercise your rights, etc., you may also contact us at shiyour@htomail.com.

 

By using the Service, you agree that collection and processing of your data will be covered by the terms of this Policy.

 

 

1.    Initial Notice to Users

 

1.1         Here, at InCode, we strive to protect your privacy. It goes without saying, by being a place for building the best connections between people, that the App exists as a vast social network, where users may share their experience, show emotions and just be themselves. All of those actions are connected to personal data sharing. Your “personal data” or just “data” means any information linked with you or the one that may identify you directly or indirectly as a person.

1.2         Privacy tips. Despite our best efforts, we cannot control how other users or third-party services may use your data. When using InCode, you should presume that everything you post, share or message on the App may be publicly viewable and accessible, both by InCode users and people outside the App. We want you to be careful about going public with your data, thus, we kindly ask you to follow our privacy recommendations as below:

 

(a)  when you post information about yourself or use the messaging function, the amount of personal information you share is determined at your own risk.

(b)   you share information with other users when you voluntarily disclose information on the Service (including your InCode profile). That is why we recommend and encourage you to think carefully about the information you disclose about yourself. Please be careful with your data and make sure that the information you publish is data you feel comfortable being publicly viewable; 

(c)  we do not recommend that you put email addresses, URLs, instant messaging details, phone numbers, full names or addresses, credit card details, national identity numbers, drivers’ licence details and other important data on your InCode profile or send that data via direct messages to people that you do not trust;

(d)  we do not recommend that you share your sensitive data (religious denomination, sexual preferences, health details, political leanings, any kind of addictions, etc.) with other users. If you really desire to share this data safely (so as to set up more relevant connections, etc.), you may use InCode tags features;

(e)  photos that you share via InCode may reveal much information about you; please inspect all of them for data or objects that you do not want to go public with before you upload or share your photos;

(f)    please make sure you log out of your InCode profile after use from either yours or a third-party’s device since you never know who may get access to them;

(g)  please do not share your access credentials (login, email, password, phone number, etc.) to InCode or other social media profiles with anyone else;

(h)  we recommend that you change your InCode and other social media password from time to time;

(i)    if you think or even have the slightest suspicion that someone may have had access to your InCode or social media profile or access credentials, first of all, change them immediately; if you lost your access to the profile owing to third-party activity, we recommend that you contact us at shiyour.com (if there is no access to InCode profile) or report the issue to the relevant social media platform; 

(j)    we kindly draw your attention to the fact that you are the only person who must care about your access credentials’ safety. Remember that in the event they are compromised, a third party may get your data. We cannot guarantee your data security if you lose control of your account and do not notify InCode about the issue.

 

 

2.    Changes and Updates to Policy

 

2.1         Reasons of Updates. We may revise the Policy according to new developments or advances in legislation and the broader data protection landscape from time to time, so please check this page regularly to ensure you’re always up -to-date with any changes.

2.2         Communication on Updates. If we make any changes hereto that, in our sole discretion, are substantial, we will notify you by email (to the address associated with your profile) or via the App, post a notice within InCode Services or make a notification appear in your profile when you next log in to InCode before amendments become effective. A notification regarding other changes may be rendered to you by publishing at https://shiyour.com/privacy 

 

 

3.    Your Data Controller and Data Processors; Third Parties Accessing Data

3.1         Information about who processes your data and with whom we may share your data is considered to be one of the most vital points you should know, so we place this article here, in the Policy's beginning. In this section, we also explain what third-party sources we may use to receive your data from.

3.2         Roles and Definitions. The first you should know is information about your data controller and processors. The data controller is an entity that determines the purposes and means of the processing of the data. The data processor is an entity that processes the data on behalf of the controller. A third party is a person whose access to the data depends on their rights or duties.

3.3         Data Trading. InCode does not sell your data and has not sold your personal data in the previous 12 months.

3.4         Third Parties: Other Users and social media. Some of your data is publicly available; it means that other users of InCode may have access to your data with which you go public.

3.5         Third Parties: Law Protection and Enforcement Bodies; Attorneys-at-Law. InCode is a place free of any kind of abuse, violence, laws and third-party rights infringement. We designed InCode as a safe harbor for people to be themselves and express their emotions. We do our utmost to protect our biggest value, sense of security of our users, so we may disclose your data to third parties in the following cases:

 

(a)  we will cooperate with law enforcement inquiries from within or outside your country of residence where we are required to by law, where there is an investigation into alleged criminal behaviour or to protect the vital interests of a person. We may share any personal data that we hold about you, depending on the nature of the request or the issue that we are dealing with;

(b)  we will disclose your data if it’s necessary so as to comply with a judicial proceeding, court order, or legal request of a state body (a law protection or enforcement body). We may share any personal data that we hold about you, depending on the nature of the request or the issue that we are dealing with;

(c)  we may also cooperate with all third parties to enforce their intellectual property or other rights in the event we are notified of an offence by one of our users. Still, we will share your data if we receive respective and motivated legal request of such by the third party’s attorney-at-law, proving your violation only. We may share any personal data that we hold about you, depending on the nature of the request or the issue that we are dealing with. Please note, if we find no proof sufficiently established in an inquiry, we will not disclose your data;

(d)  society may be cruel at times; wrong words or actions of others may hurt. Still, this is not a reason to harm yourself. Here, at InCode, we believe that every issue can be fixed, and we are ready to share contact details of our partners who may offer professional help. If we detect suicidal behavior by our users, we may report such a case to the police or professional non-governmental organization, so as to prevent our users from making the biggest mistake of their lives. We may share your name, contact details and geolocation with those bodies;

(e)  we may transfer your data to a respective law protection or enforcement body if we detect illegal activity or we believe it is necessary in order to investigate, prevent, or take action regarding illegal activities, fraud, or situations involving potential threats to the safety of any person. We may share any personal data that we hold about you, depending on the nature of the violation or the issue that we are dealing with; and finally

(f)    we will share your data with our lawyers, a court, arbitrators, or any authorized professional etc. if we detect your conduct is in breach of our Terms of Use or any integral parts thereto or in order to protect the rights and property of InCode, its affiliates, or the public or to comply with legal and regulatory obligations.

4.    InCode’s Approaches toward Children’s Privacy

4.1         Age Restrictions. We restrict persons who are under the age of 18 (or the age of legal majority in their place of residence) from using the Services and we do not knowingly collect personal information from anyone under the age of 18.

4.2         Notify Us. In the event that we become aware that we have collected personal information from any person who is under 18 years old (or the age of legal majority), we will dispose of that information in accordance with Children’s Online Privacy Protection Act (COPPA) and other applicable laws and regulations. If you are a parent, guardian or you believe that a user is underaged, please contact us by email at shiyour.com or report a profile via the relevant feature in the App. 

4.3         Our Steps. If we become aware that a person under the age of 18 has registered with InCode and provided us with incorrect personal information, we will take steps to terminate that person’s registration and delete all relevant registration data from InCode. 

 

5.    Collection of Personal Data

5.1         In this article we explain what data we collect (categories and a full list of data), sources we get your data from, purposes for which the data is used and our legal basis to process your data. Here, we also share some useful data privacy tips with you. 

5.2         Categories of Personal Data. In the event you are a resident of the State of California, you may find a data on categories of your personal data;

 

(a)  identifiers such as a real name, alias, unique personal identifier, online identifier, internet protocol address, email address, account name, driver’s license number, passport number or other similar identifiers (CCPA category A);

(b)  personal information, as defined in the California customer records law, such as name, physical characteristics or description, telephone number, passport number, driver’s license or state identification card number, education, employment, bank account number, credit card number, debit card number, or any other financial information, medical information (CCPA category B);

(c)  characteristics of protected classifications under California or federal law (if you choose to provide them), such as age, gender identity, sexual orientation, race, religion, political views (CCPA category C);

(d)  commercial information, including records of products or services purchased or other purchasing or consuming histories or tendencies (CCPA category D); 

(e)  internet or other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding a consumer’s interaction with an internet website, application, or advertisement (CCPA category F);

(f)    geolocation data, such as mobile device location (CCPA category G);

(g)  audio, electronic, visual and similar information, such as photos and videos (CCPA category H);

(h)  professional or employment-related information (CCPA category I);

(i)    inferences drawn from any of the personal information listed above to create a profile or summary about, for example, an individual’s preferences and characteristics or a summary of these characteristics (CCPA category K).

 

In the event you are a European Union resident you may find a data on categories of your personal data that we may collect in accordance with GDPR following the previous list. In particular, the personal data that falls within the special categories (racial or ethnic origin, political opinions, religious or philosophical beliefs, genetic data, biometric data, data concerning health or data concerning a natural person’s sex life or sexual orientation) will only be collected if you choose to provide them and expressly consent so (as considered in GDPR Article 9.2.a).

 

5.3         Legal Bases. Legal bases are the grounds set forth by the GDPR on which we may process your data. We rely on following legal bases:

 

(a)  performing of the contract with you — the main legal basis that we use to process your data. It includes mostly everything we do to provide you with services, under our Terms of Use and their appendices. You may restrict us from processing of your data, but please be advised that, in such a case, we will not be able to provide services to you. Please see section 8 to find out more;

(b)  legal obligation — we may process your data when we have a legal obligation when it is required by applicable laws, e.g., in order to prevent fraud, assist law protection and enforcement bodies. 

(c)  Legitimate interest – we have a commercial interest to process with your personal data that is justified, balanced and does not infringe on your privacy (e.g. statistical reporting). Where the legal basis is legitimate interests, you have a right to object to our use of your data. Please see section 8 to find out more;

(d)  consent — we may process some of your data when we have your consent to do so. Where the legal basis is consent, you can withdraw consent at any time. Please see section 8 to find out more.

 

5.4         You hereby acknowledge and agree that we may receive your personal data from any third parties (other users, any official bodies, third-party providers, etc.) when you connect your InCode profile with other services, when we receive enquires, court orders, subpoenas, claims, etc 

 

5.5         We do not collect or store full credit card number information, though we may receive credit card-related information to help process future payments and summary information about transactions that do not include credit card or bank account numbers.

 

5.6         From time to time we may start surveys/feedbacks for research purposes and we may contact you to find out if you would like to take part. We may also contact you to find out if you would like to take part in marketing campaigns. Such activities are optional. If you do not wish to be contacted to take part in a survey or marketing campaign, please contact us at shiyour.com or via the respective in-App feature. If you do not want to contact us but you also do not want to participate in our activities, please ignore our messages.

 

5.7         Since we rely on your consent to show you personalized ads, you are entitled to revoke your consent anytime and request that we stop using personalized ads towards you. Please contact us at shiyour.com to strike off your consent. Meanwhile, if you opt-out of targeted advertising you will still see ads, though they will be less relevant to you.

 

 

6.    Duration and Location of Processing; Data Transfer

 

6.1         Data Retention. Your data will be stored within the term of your use of the Services and up to the termination of such use (or upon agreement between you and InCode) which means the deletion, blocking or suspension of your account on the mobile application and the restriction of your further use of the mobile application; we shall terminate the processing of your personal information, unless the special retention period for the storage of such data is set by the relevant legislation at the time.

 

6.2         Exemptions. In practice, we delete or anonymize your information upon termination of your profile or after two years of your continuous inactivity. There may be special rules applied in case that:

 

(a)  we must hold your data to comply with applicable laws;

(b)  we must hold your data to evidence our compliance with applicable laws;

(c)  there is an outstanding issue, claim or dispute requiring us to hold the relevant data until it is resolved; or

(d)  your data must be kept for our legitimate business interests, such as fraud prevention and enhancing users’ safety and security.

 

6.3         Terms of Deletion. All your data is to be fully erased (or anonymised) within 7 calendar days following deletion of your InCode profile, except:

 

(a)  in-app features and subscription purchases which are being retained during the term of your subscription and 5 years from the deletion of your user account;

(b)  support tickets, emails with our support team and your name (as identified in your email), as part of support tickets data that are being retained during the term of your subscription and 5 years from the deletion of your user account;

(c)  hashed email address, phone number, IP address, profile ID (including, InCode ID, Facebook ID, Snapchat ID, Apple ID) and device ID (NOT a device IMEI) associated with banned account which are being retained during the term of your subscription and 5 years from the deletion of your user account owing to our legitimate interest;

 

6.4         Leftovers. When your account is deleted (as well as your data) from the Services, copies of your data may still be viewable, if your data has been previously shared with others, or copied or stored by other users or other third parties. We cannot control this, nor do we accept any liability for this. If you have given third party applications or websites access to your data, they may retain such information to the extent permitted under their own privacy policies.

 

6.5         Removed and deleted data may be hosted in backup copies for up to 30 days, but will not be available to others in the meantime. We put that backup data ‘beyond use’. At the end of this period, these data will be permanently deleted.

 

6.6         At all times you are entitled to restrict us to process your data by sending to us a data erasure request or a notice of prohibition to process your data. Please be warned that: 

 

(a)  such action prohibits us to process your data and/or makes us delete your data so you will lose your access to the Website and Services;

(b)  if your InCode profile is banned, a data erasure request will not release you from prohibition to use InCode Services;

(c)  if your profile is blocked, your other InCode profiles may also be blocked as part of our anti-spam and anti-fraud procedures.

 

6.7         Enforcing of Prohibition to Use InCode. In the event that your profile is blocked, banned or otherwise disabled owing to any violation of applicable law or a violation of the Terms of Use or the provisions of this Policy, you will be prohibited from further creation of new profiles and using the Services again. Accordingly, we will keep on processing data in order to prevent your further registration and potential violations. Please note that: 

 

(a)  the technical data is not subject to erasing under article 17 of the GDPR; hence, we will process it on the basis of our legitimate interest, which is a separate ground of processing;

(b)  our legitimate interest does not outweigh your right to privacy, because the way that we use the technical data does not significantly impact your privacy, and we have a compelling reason to do so (recital 47 of the GDPR). This reason is to restrict you from breaching yet another obligation under the Terms of Use and potentially harm us or our users;

 

 

7.    Tracking Technologies

 

          Cookie Policy. We use cookies and other tracking technologies to improve your user experience and obtain data about how the website is being used. This data enables us to develop and optimize the Website and make the use of the Services more comfortable for you. Please read out Cookie Policy to find out more.

 

 

8.    Your Data Privacy Rights

 

8.1         Being a data subject, you have the following rights:

 

(a)  a right to request access to your data: you can ask us what personal information of yours is being processed, as well as for clarifications on the information described above, i.e. purpose of collecting and processing, period of processing, third parties that have access to information. To exercise this right please contact us at shiyour@htomail.com;

(b)  a right to request us to rectify your personal information: you can ask all the inaccurate personal information concerning you been corrected. You can also complete the personal information if you feel there is a need to do so. To exercise this right please contact us at shiyour.com or use a specific area of your profile. Additionally, we are happy to note that there is the alternative way to amend your data. You control your InCode profile, so are able to correct or update (other than your mobile number and location (the latter is automatically updated)) your information at any time by just logging in to InCode and using the respective settings; 

(c)  a right to request us to erase personal information: you can request us to erase such data in the following circumstances: (i) where you believe it is no longer necessary for us to hold that personal data, (ii) where we process it on the basis of your consent and you wish to withdraw your consent, (iii) where we process your personal data on the basis of our legitimate interest and you object to such processing, (iv) where you no longer wish us to use your personal data to solicit you commercially, or (v) where you believe that we are unlawfully processing your personal data. In most cases we will erase it ourselves, unless otherwise required by legislation. To exercise this right please contact us at shiyour@htomail.com;

(d)  a right to request us to restrict the processing of your data: for example, (i) if you contest the accuracy of your data being processed or, (ii) if the processing is unlawful and you object to its deletion, (iii) if you believe that we no longer need your data but it is still necessary for the establishment, exercise or defence of legal claims, or (iv) if you have objected to the processing of the data we hold about you. To exercise the right please contact us at shiyour@htomail.com. Additionally, we are happy to note that there is an alternative way to exercise your right toward geolocation data by yourself. If you have location services enabled, but you desire to turn them off, you can do so by taking the following steps: (i) iPhone App — Settings, Privacy, Location services, InCode; or (ii) Android App — Settings, Location, InCode, Permissions, Location; 

(e)  the right to object to the processing of your personal data: you have the right to object to the processing of your personal data by our services and we will consider your request. To this purpose, please provide us with details of your reasoning so that we can assess whether there is a legitimate and compelling reason for us to continue processing the data or whether we need to process it for the exercise or defence of our legal rights.

(f)    a right to withdraw your consent for the collection and processing of your data by us: you can revoke your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal. To exercise the right please contact us at shiyour@htomail.com;

(g)  a right to lodge a complaint with supervisory authority: if you are a UK resident, you have the right to complain to the Information Commissioner’s Office (ICO) whether you have any grievance against the way we collect, use or share your data; and a right to data portability: you may request to receive the data we hold about you in a structured, commonly used and machine-readable format, and the right to request that we transfer such data to another party (i) if the processing is necessary for the performance of the contract or (ii) if the processing is based on your consent and where the processing is carried out using automated processes. to exercise the right please contact us at shiyour@htomail.com;

(h)  The right to give post-mortem instructions: you have the right to set out instructions for the retention, deletion and disclosure of your data after your death.

 

8.2         We will provide information on action taken on your request related to your rights specified above within one month of receipt of the request, at the longest. That period may be extended by two additional months, if we are overwhelmed by the number of requests. We will inform you of any such extension within one month of receipt of the request, together with the reasons for the delay.

 

9.    Notice to California Residents 

 

9.1 California Civil Code, Section 1798.83, also known as the “Shine The Light” law, grants our users who are California residents some specific rights. Section 9 here applies to California consumers only. This section also provides additional details about how we process personal data of California consumers and the rights available to them under the California Consumer Privacy Act.

 

 

9.2         We do not sell your data, so no opt-out choice is necessary. It means that we do not sell, rent, release, disclose, disseminate, make available, transfer, or otherwise communicate, in any way, your data to another company for monetary or other valuable consideration.

 

9.3         To submit an access or deletion request, contact us at shiyour@htomail.com. To help protect your privacy and maintain security, we take steps to verify your identity before granting you access to your data or complying with your request. To the extent permitted by applicable law, we may charge a reasonable fee to comply with your request.

 

 

10.                  Data Subjects’ Access and Erasure Requests

 

10.1      Method for Submitting Requests. You may exercise your right to file a request to access or delete your data by contacting us at shiyour.com or via the App.

 

10.2      Timeframes. In the event you submit your request to us, we will act as follows: 

 

(a)  within 10 business days following α confirmation of receipt of your letter, we shall request that you provide us with relevant data for a verification procedure;

(b)  if you are a California consumer, we will have 45 calendar days following the date of your request to process your request. In the event of your failure to pass the verification process within 45 calendar days, we may deny your request or prolong the term of processing up to additional 45 calendar days; please be sure that we will notify you about our decision;

(c)  if you are an EU or UK user, we will have 30 calendar days following the date that you provide us with the data required for verification to process your request. In the event of your failure to pass the verification process, we may deny your request. We are entitled to prolong the response term up to 2 months by giving you a notification.

 

10.3      Verification. The most important step is the verification process. We will first check that we have enough information to be sure of your identity. Often, we will have no reason to doubt a person’s identity (if you contact us via the App, for example). However, if we have good grounds to doubt your identity, we may ask you to provide additional evidence we reasonably need to confirm your identity. For example, we may ask you for a piece of information held in your profile that we would expect you to know: your location, last 5 connections, etc. If we have serious doubts about your identity, we may ask you to share with InCode your photo with your ID document or an image of your ID document. In the event you fail the verification process, your request will be rejected.

 

 

 

11.                  Third-Party Websites

 

       The Services may contain links to websites operated and maintained by third parties, over which we have no control. Privacy policies of such linked websites may be different from this Policy. You access such linked websites at your own risk. Similarly, the Service may be accessed and used by third-party websites that we do not control. We have no control over the privacy policies of such third-party websites, and you access such third-party websites at your own risk.

 

 

12.                  Data Protection; Security

 

12.1      We incorporate commercially reasonable safeguards to help protect and secure your data. However, no electronic data transmission or storage of information can be guaranteed to be 100% secure. Please note that we cannot ensure or warrant the security of any information you transmit to us, and you use the Service and provide us with your information at your own risk.

 

12.2      To help protect you and others, we may monitor your use of the Services and use your personal data and/or other information we collect in order to: identify fraudulent activities and transactions, prevent abuse of and investigate and/or prosecute potential threats to or misuse of the Service, ensure compliance with the Terms of Use and this Policy, investigate violations of or enforce these agreements and protect the rights and property of you, InCode, its partners and other customers. This security monitoring may result in the collection, recording, and analysis of online activity or communications through the Services. If you do not consent to these conditions, you must discontinue your use of the Services.

 

12.3      We regularly monitor our systems for possible vulnerabilities and attacks and regularly review our information collection, storage and processing practices to update our physical, technical and organizational security measures.

 

12.4      TO THE MAXIMUM EXTENT ALLOWED BY APPLICABLE LAW, WE EXPRESSLY DISCLAIM ANY REPRESENTATION OR WARRANTY, WHETHER EXPRESS OR IMPLIED, WITH RESPECT TO ANY BREACHES OF SECURITY, DAMAGE TO YOUR DEVICE, OR ANY LOSS OR UNAUTHORISED USE OF YOUR REGISTRATION INFORMATION OR OTHER DATA.

 

 

13.                  Reach us Out

 

We would be glad to hear from you. If you have any questions regarding this Policy, please contact us at shiyour.com or shiyour@htomail.com