Last Updated: May, 26, 2022
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us or if you are aware that any personal data, we hold is inaccurate.
We recognize the importance of children’s safety and privacy. The Idoru Services are not designed to attract children and are not intended for use by any children under the age of 13. We do not request, or knowingly collect, any personally identifiable information from children under the age of 13. If you are the parent or guardian of a child under 13 who has provided her or his information to us, please contact us at email@example.com to request the deletion of that information.
THE DATA WE COLLECT ABOUT YOU
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:
- Identity Data includes (but is not limited to) first name, last name, username or similar identifier, title, and year of birth.
- Contact Data includes (but is not limited to) billing address, residential address, email address and telephone numbers.
- Transaction Data includes (but is not limited to) details about payments to and from you and other details of products and services you have purchased from us.
- Technical Data includes (but is not limited to) internet protocol (IP) address, unique mobile device identification numbers, type of device, login data, browser type and version, time zone setting and geo location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access the Idoru Services.
- Profile Data includes (but is not limited to) your login details, purchases or orders made by you, preferences, feedback, and survey responses.
- Usage Data includes (but is not limited to) information about how you use the Idoru Services.
- Marketing and Communications Data includes (but is not limited to) your preferences in receiving marketing from us and our third parties, news about our products and your communication preferences.
If you decide to make a payment for any of our products and services, your Financial Data, which includes your bank account and payment card details, will be collected and processed by our external payment service provider. We will not have access to, collect, use, store or transfer your Financial Data.
We may collect Special Categories of Personal Data about you (this includes details about your race or ethnicity and sexual orientation, ) if you choose to provide this information to us. This information is used as part of our impact model. While you may choose to provide this information, it is completely optional to do so and your use and enjoyment of the Idoru Services will not be impacted if you choose not to provide this information. Any use of this information by us will be in an anonymized and aggregated form. If you have any questions about our collection or use this information, please feel free to contact us.
We use mobile analytics software to allow us to better understand the functionality of our mobile software on your device. This software may record information such as aggregated usage and performance data. We do not link the information we store within the analytics software to any personal information you submit within the Idoru Services.
Where we need to collect personal data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you. In this case, we may have to cancel a product or service you have with us.
HOW YOUR DATA IS COLLECTED
We use different methods to collect data from and about you including, but not limited to:
- Direct interactions. You may give us your Identity Data, Contact Data and Financial Data by filling in forms or by corresponding with us by mail, phone, email or otherwise. This includes personal data you provide when you:
- make purchases in the Idoru Services;
- create an account;
- subscribe to our newsletter or other publications;
- request marketing to be sent to you;
- request support for the Idoru Services;
- enter a competition, promotion or survey; or
- give us feedback.
- Automated technologies or interactions. As you interact with the Idoru Services, we may automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, pixels, server logs and other similar technologies. We may also receive Technical Data about you if you visit other websites employing our cookies.
- Third parties or publicly available sources. We may receive personal data about you from various third parties and public sources as set out below:
- Technical Data from analytics providers, advertising networks and search engine providers.
- Contact and Transaction Data from providers of technical, payment and delivery services.
- Identity and Contact Data from data brokers or aggregators.
- Identity and Contact Data from publicly availably sources.
HOW WE USE YOUR DATA
We will only use your personal data as allowed by law. Most commonly, we will use your personal data in the following circumstances:
- Providing the Idoru Services: To provide the Idoru Services, which may include using your personal data for customizations and recommendations, customer support and to manage our relationship with you for purposes of contractual obligations and the ongoing administration of the Idoru Services.
- Continuing to Develop and Improve the Idoru Services: To develop, test and improve the Idoru Services, including adding or improving new features and performing troubleshooting activities.
- Marketing the Idoru Services: To enable us and our third party marketing partners to use aggregated and anonymized information to develop marketing strategies for the Idoru Services. We will not send you ads within the Idoru Services.
- Security: To ensure authentication of users and accounts and to review, research and address security issues.
- Communications: To contact you about the Idoru Services, including updates, issues relating to your account, and changes to our policies, as well as to respond to questions or comments you may send to us directly.
- Legal Obligations: Where we need to use or share your personal data in order to comply with a legal or regulatory obligation.
We provide you with choices regarding our use of your personal data for marketing and advertising purposes. You will receive marketing communications from us if you have subscribed for an account with us or purchased goods or services from us and you have not opted out of receiving that marketing. All of our marketing communications to you contain an opt out option and you can opt out at any time. Please note that the opt out will not affect the lawfulness of processing that has taken place before the opt out.
We will get your explicit opt-in consent before we share your personal data with any company outside of Idoru for marketing purposes.
You can ask us to stop sending you marketing messages at any time by contacting us at firstname.lastname@example.org at any time.
Opting Out of Geolocation
If you have previously allowed us to access your geolocation data, you can stop making geolocation available to us by visiting your mobile device’s settings for the Idoru Services or the “settings” page for the Idoru Services.
Opting Out of Other Communications
When you install the Idoru Services on your mobile device you can choose to receive push notifications, which are messages the Idoru Services send you on your mobile device even when the mobile app is not on. You can turn off notifications by visiting your mobile device’s “settings” page.
We incorporate commercially reasonable safeguards to help protect and secure your personal information. However, no data transmission over the Internet, mobile networks, wireless transmission, or electronic storage of information can be guaranteed 100% secure. As a result, we cannot guarantee or warrant the security of any information you transmit to or from the Idoru Services, and you provide us with your information at your own risk.
If you have any questions about security on the Idoru Services or if you become aware of any unauthorized use of an account or suspect a security breach, notify us immediately via email at email@example.com. If our security system is breached, we will notify you of the breach only if and to the extent required under applicable law.
We will only retain your personal data for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
In some circumstances we may anonymize your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
Your Data Protection Rights Under the General Data Protection Regulation (GDPR)
If you are a resident of or located within the European Economic Area (EEA), Switzerland or the UK, you have certain additional data protection rights. These rights include:
- The right to access, update or delete the information we have on you. Whenever made possible, you can access, update or request deletion of your personal information directly within your account settings section.
- The right of rectification. You have the right to have your information rectified if that information is inaccurate or incomplete.
- The right to object. You have the right to object to our processing of your personal information.
- The right of restriction. You have the right to request that we restrict the processing of your personal information.
- The right to data portability. You have the right to be provided with a copy of the information we have on you in a structured, machine-readable and commonly used format.
- The right to withdraw consent. You also have the right to withdraw your consent at any time where we relied on your consent to process your personal information.
To exercise any of the above rights, please contact us at firstname.lastname@example.org. In order to comply with such requests, we may require additional information from you in order to confirm your identity.
Should you wish to raise a concern about our use of your information (and without prejudice to any other rights you may have), you have the right to do so with your local supervisory authority; however, we hope that we can assist with any queries or concerns you may have about our use of your personal information first.
For more information, please contact your local data protection authority.
Legal Basis for Processing Personal Information Under GDPR
We may process your personal information because:
- We need to perform a contract with you;
- You have given us permission to do so;
- The processing is in our legitimate interests and it is not overridden by your rights; or
- To comply with the law.
Transfer of Information
Your information, including personal information, may be transferred to – and maintained on – computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ from those of your jurisdiction.
If you are located outside the United States and choose to provide information to us, please note that we transfer the data, including personal information, to the United States and process it there.
California Consumer Privacy Act
Under the California Consumer Privacy Act of 2018 (CCPA), California residents may have the following rights:
- Right to Know: The right to request the personal data that we collect, use or disclose and information about our data practices;
- Right to Request Deletion: The right to request that we delete the personal data we have collected about you; and
- Right to Non-Discrimination: The right to not be discriminated against for exercising any of these rights.
To request further information pursuant to your “right to know” or to request deletion of person data pursuant to your “right to request deletion”, please [click here].
We will acknowledge receipt of your request within 10 business days, and provide a substantive response within 45 calendar days, or inform you of the reason and extension period (up to 90 days) in writing.
Under the CCPA, only you or an authorized agent may make a request related to your personal data. Note that to respond to your requests to access or delete personal data under the CCPA, we must verify your identity.
California’s Shine the Light Law
California Civil Code Section 1798.83 permits California residents to request and obtain a list of what personal information (if any) that we disclosed to third parties for direct marketing purposes in the preceding calendar year and the names and addresses of those third parties. Requests may be made only once a year and are free of charge. Under Section 1798.83, California residents are entitled to request and obtain such information, by e-mailing a request to email@example.com.