Effective date 25th of September, 2019
YOU ASSERT THAT YOU ARE EITHER OF LEGAL AGE (18 YEARS OLD), OR AN EMANCIPATED MINOR, OR POSSESS PROOVABLE LEGAL CONSENT OF YOUR PARENT, CARETAKER OR GUARDIAN, AND YOU ARE HAVING THE POWER AND COMPETENT TO ENTER INTO AND TO COMPLY WITH THESE TERMS OF SERVICE. IN CASE IF YOU ARE UNDER THE AGE OF 13 YEARS OLD, PLEASE DO NOT USE COSTS.
1.1. “Personal Data” means is any data that could potentially be used to identify a particular person.
1.2. “GDPR” means the General Data Protection Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.
1.3. “EEA” includes all current member states to the European Union and the European Economic Area.
1.4. “Process” or “Processing”, in respect of personal data, includes to collection, storage, and disclose to third parties.
2.1. We acknowledge and understand your privacy and make efforts to protect it against any unlawful Processing of your Personal Data.
2.2. We apply all necessary relevant technical and organizational measures to protect your Personal Data in accordance with the effective legislation. Processing includes protection against unauthorized or illegal processing, against accidental loss, destruction or damage while applying suitable technical and/or organizational measures.
2.3. Although we will take diligent efforts to ensure safe storage and processing of Personal Data, we cannot guarantee it to be 100% secure and risk-free. Unauthorized entry or use, hardware or software failure, and other factors, may compromise the security of your information at any time.
3. CATEGORIES OF PERSONAL DATA COLLECTED
3.1. Data provided by you. When you register for and/or use Costs, you provide us with your e-mail and password. When you decide to use “Bank Cards” option of Costs, we WILL NOT collect your financial account’s login and password.
3.2. Device data. We collect data about your mobile device. Examples of such data include device settings, model of a device, hardware ID, operating system, language settings, IP address, and time zone.
3.3. Usage data. We record how you interact with Costs. For example, the features, and content you interact with the most, how often you use Costs.
3.4. Location data. If you have enabled location services on mobile device, we collect location information in order to allow you to create user content (to save the location where particular transaction have happened). You can disable location services on your phone settings.
3.5. Data provided by third parties.
3.6. System logs and maintenance. For operation and maintenance purposes, Costs may collect files that record interaction with application (System logs) use IP address for this purpose.
4. PURPOSES FOR COLLECTION OF PERSONALLY IDENTIFIABLE DATA
4.1. Provision of Service. We collect Personal Data to provide Costs and its services to you. It includes enabling you to use the Service in a seamless manner and preventing or addressing Service errors or technical issues.
4.2. Communication regarding use of Service. We may communicate with you by push notifications or e-mails. Such communicating may include messages and reminders encouraging you to use Costs, or other information about the Costs. You may opt out of receiving push notifications by changing the settings on your mobile device. We may collect data concerning the date and time when the message was viewed by you, as well as when you interacted with it, such as by clicking on links included in the message.
4.4. Sending of marketing communications. We process Personal Data for marketing purposes. You may receive information about products, such as for example, special offers. We may also send push notifications for marketing purposes. To opt out of receiving push notifications, You need to change the settings on device.
4.5. To enforce our Terms of Service and to prevent and combat fraud. We use Personal Data to enforce agreements and contractual commitments, to detect, prevent, and combat fraud. We may share your information with others, including law enforcement agencies (in particular, if a dispute arises in connection with Terms of Service).
4.6. Researching and analyzing of use of Costs. We perform researching and analyzing to, maintain, improve, innovate, plan, design, analyze operations, and to modernize Costs. This data is also used to test and improve offers and for statistical analysis purposes. It allows bettering understanding what features users like more.
5. INFORMATION FOR EEA BASED USERS
5.1.1. To perform our contract with users. Under this legal basis we:
188.8.131.52.provide services embodied in Costs (in accordance with Costs Terms of Service);
184.108.40.206.manage users accounts and provide users with customer support;
220.127.116.11.communicate with users regarding use of Costs;
5.1.2. For other legitimate interests, unless those interests are overridden by user’s interests or fundamental rights and freedoms that require protection of personal data Costs relies on legitimate interests:
18.104.22.168.to communicate with you regarding your use of Costs. This includes, for example, sending push notifications. Our legitimate interest here is interest to encourage user to use Service more often. We also takes into account the potential benefits to you of using Costs.
22.214.171.124.to research and analyze your use of the Costs. The legitimate interest for this purpose is interest in improving Costs so that we understand users preferences and able to provide user with a better experience.
126.96.36.199.to send marketing communications The legitimate interest we rely on for this processing is interest to promote Costs in a measured and appropriate way.
188.8.131.52.to enforce Terms of Service and to prevent and combat fraud. The legitimate interests for this purpose are enforcing our legal rights, preventing and addressing fraud and unauthorized use of Costs, non-compliance with our Terms of Service.
184.108.40.206.to comply with legal obligations.
5.2. EEA-based user rights. Users who based in the EEA have the following rights in addition to the above:
5.2.1. Right to rectification. User has the right to request to rectify, without undue delay, any incorrect data pertaining to the respective User.
5.2.2. Right to limitation of processing. User can limit the use of Personally Data collected.
5.2.3. Right of access. User may request a copy of Personal Data collected during use of Costs at email@example.com .
5.2.4. Objecting to or restricting the use of Personal Data. User can ask to stop using all or some portion of Personal Data or limit use thereof by requesting its erasure as described above or sending a request at firstname.lastname@example.org
5.2.5. The right to lodge a complaint with supervisory authority. User has the right to lodge a complaint with a competent data protection supervisory authority, in particular in the EU Member State where user resides, work or where the alleged infringement has taken place.
5.2.6. The right to data portability. User can receive Personal Data in a machine-readable format by sending respective request at email@example.com.
5.3. Exercise the rights. To exercise your right to access you have a right to request from the us at any time:
5.3.1. Confirmation as to whether Personal Data related to you processed by us, purpose of the Processing, the data category and recipients of such data or the categories of recipients’ data is disclosed to.
5.3.2. Information as to the logic of any automated processing of Personal Data pertaining to natural persons, at least in the case of automated decisions under the provisions of the GDPR.
5.3.3. Upon request we provide information free of charge. However, we may charge a reasonable fee if request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
5.3.4. Upon filing of a request by an authorized person, the notarized power of attorney must be attached to the request.
5.3.5. In case of death of the natural person, his / her rights are exercised by his / her heirs and the certificate of heirs shall be attached to the request. The heritage should be confirmed by respective certificate, issued in the death person’s jurisdiction.
5.3.6. We shall review and pronounce on the request within 1 month as of its filing. This period may be extended by further two months, if necessary, for example, if your request is particularly complex or you have made a number of requests . We shall inform you as to any such extension within 1 month as of receipt of the request, stating the reasons for the delay. When you file a request by electronic means, the information is provided electronically, if possible, unless the you have requested otherwise.
5.3.7. We may provide an answer to the requesting person taking into account their preferred form for the provision of the information (orally or in writing - as a hard copy or electronically).
5.3.8. Where data do not exist or their provision is forbidden by law, access of the requesting party to such data is refused.
5.3.9. You are not satisfied with the response received and / or believes that your rights related to Personal Data protection were violated, you are entitled to exercise your right to defense.
6. DISCLOSURE OF PERSONAL DATA
6.1. We may disclose Personal Data to the following categories of persons:
Acting as processor or controller based in the EEA but also around the world who provide - services and IT and system administration services.
a). Managing contacts and sending messages
(1) Firebase Cloud Messaging (Google LLC). Firebase Cloud Messaging is a message sending service provided by Google LLC. Firebase Cloud Messaging allows the us to send messages and notifications to users across platforms such as Android, iOS, and the web. Messages can be sent to single devices, groups of devices, or specific topics or user segments.
(2) Mailchimp (Rocket Science Group LLC) Mailchimp is a e-mail sending service provided by Rocket Science Group LLC. Mailchimp allows us to send e-mails to users across the web.
Personal Data collected: e-mail.
b). Hosting and back-end infrastructure
(1) We use Amazon Web Services (Amazon Web Services Inc.) infrastructure to store your data This service has the purpose of hosting data and files that enable Costs to run and be distributed as well as to provide a ready-made infrastructure to run specific features or parts Costs.
c). Financial account synchronization
(1) We use Salt Edge, which enables us to connect with your bank accounts for purposes of providing services embodied in Costs.
d). Application analytics.
(1) Firebase Analytics (Google LLC). Analytics service provided by Google LLC. It allows us to gather analytics about the app usage.
(2) Facebook Analytics. Analytics service provided by Facebook. It allows us to gather analytics about the app usage and Facebook Ads services.
Acting as a processor or joint controllers including lawyers, bankers, auditors and insurers based in Estonia who provide consultancy, banking, legal, insurance, and accounting services
HM Revenue & Customs, regulators and other authorities.
acting as a processor or joint controllers based in the EEA who require reporting of Processing activities in certain circumstances.
Third parties to whom we may choose to sell, transfer, or merge parts of business or assets.
6.2. We will never disclose Personal Data to persons to enable them to provide you with information regarding unrelated goods or services.
8. RETENTION TIME
8.1. Personal Data shall be processed and stored for as long as required by the purpose they have been collected for.
8.2. Personal Data collected for purposes related to the performance of a contract between you and us shall be retained until such contract has been fully performed.
8.4. Once the retention period expires, your Personal Data shall be deleted. Therefore, the right to access, the right to erasure, the right to rectification and the right to data portability cannot be enforced after expiration of the retention period.
9. AGE LIMITATION
9.1. We do not knowingly Process any Personal Data from persons under 13 years of age. If you learn that anyone younger than 13 has provided us with Personal Data, please contact us at firstname.lastname@example.org .
10. INFORMATION ON DATA CONTROLLER
10.1. COSTS.EE OÜ, a company registered in Estonia (with registered office at Harju maakond, Tallinn, Kesklinna linnaosa, Roosikrantsi tn 11-256, 10119) will be the controller of your Personal data. For any questions, concerning account or Personally data please contact us at email@example.com.