COMOTE’S PRIVACY POLICY

for justgoodapp.com

The protection of users' privacy is vitally important to Us being COMOTE SPÓŁKA AKCYJNA having its business premises in Wroclaw, Poland, 50-089, on ul. Swobodna 1, with National Court Register number (KRS): 0000935035 and Polish tax identification number (NIP): 5272919139 (hereinafter referred to as: the “Comote” or “We”, “Us“, “Our”).

Below you shall find the policy concerning the personal data gathering jointly with the rules governing its processing and usage implemented and subsequently used by Comote (hereinafter referred to as: the “Policy”).

We are committed to make every possible endeavour to protect Our Users' personal data and privacy. Therefore, gathering, management and usage of information concerning the Comote’s Website Users is limited to the bare minimum being required by Us in order to provide you with the highest quality services.

Regulation 2016/679 of the European Parliament and of the Council (EU) of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as: “GDPR”) establishes Us as a Data Controller. Data Controller shall be understood an entity which independently or jointly with others determines the purposes and the means of personal data processing.

What is personal data?

The personal data shall be understood as the information by means of which We may identify the User(s) of Our https://justgoodapp.com/ website (hereinafter referred to as: the “Website”) as an individualised person(s). Identification can take place directly or indirectly.

The data being collected at Our Website relates to the activity of the User(s); the term of “User” is specified by Our Terms of Service.

What is personal data processing?

Personal data processing shall mean any operation or a set of operations which is performed on personal data or on sets of personal data, whether or not by the automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or sharing in another way, alignment or combination, restriction, erasure or destruction.

What personal data do We process, for what purposes and what are the legal grounds for such processing?

We do not process sensitive personal data such as race and ethnicity, political views, religious or philosophical views, trade union membership, physical and mental health details, genetic data, biometric data, sexuality, and criminal record.

Comote via its Website collects information from the User(s). User(s) do not provide those information directly - We get them by collecting information about interactions (use, and experiences) with the Website. The information We collect depend on the context of such interactions and the selections Users make via “Privacy and cookies settings”; further details on limiting the scope of information being collected - the opt-out option(s) can be found in section 10. below.

As stated above Comote process information – not necessarily any personal data, but so called metadata - collected within and via Website which might be and / or become a personal data of User(s); details are specified by the table below.

Data used – what do We collect

Purpose of use – what do We collect

Legal grounds of use 
- why are We allowed to collect

Cookies, Device Information, and Online Identifiers - Cookies, browser type, language, screen size, and device identifiers

To recognize the User’s device and enable consistent tracking and service functionality

Given consent – GDPR, article 6. 1. (a)

Limited Data for Advertising - Website/app usage, device type, and non-precise location

To select and deliver ads based on minimal data without detailed profiling

Given consent – GDPR, article 6. 1. (a) and / or Controllers legitimate interest - GDPR, article 6. 1. (f)

Activity Information and Combined Data for Advertising Profiles - Forms submitted, pages viewed, and combined activity data from other services

To create advertising profiles based on the User’s interests and behaviours for personalized ad delivery

Given consent – GDPR, article 6. 1. (a)

 

Activity Information and Combined Data for Personalized Content - Forms submitted, content interactions, and data from similar users

To create content profiles to personalize and optimize the User's content experience

Given consent – GDPR, article 6. 1. (a)

 

Advertising Interaction Data - ads viewed, clicks made, and actions taken after interacting with ads

To measure the effectiveness of ad campaigns and improve future targeting

Given consent – GDPR, article 6. 1. (a) and / or Controllers legitimate interest - GDPR, article 6. 1. (f)

Content Interaction Data - Articles read, videos watched, and time spent interacting with content

To evaluate the performance and relevance of non-advertising content

Given consent – GDPR, article 6. 1. (a) and / or Controllers legitimate interest - GDPR, article 6. 1. (f)

Data from Combined Sources

Data Used - User profiles, market research, and analytics data

To generate audience insights and identify trends among the User and similar profiles

Given consent – GDPR, article 6. 1. (a) and / or Controllers legitimate interest - GDPR, article 6. 1. (f)

Interaction Data for Service Improvement - Ads and content engagement data, including frequency and type of interactions

To enhance and develop services based on patterns in the User’s engagement

 

Given consent – GDPR, article 6. 1. (a) and / or Controllers legitimate interest - GDPR, article 6. 1. (f)

Device and Limited Interaction Data for Content Selection - Device type, current website/app usage, and previous content interactions

To select relevant content and avoid repetitive displays for the User

Given consent – GDPR, article 6. 1. (a) and / or Controllers legitimate interest - GDPR, article 6. 1. (f)

Security and Fraud Prevention Data - System logs, anomalous activity patterns, and ad click data

To detect and prevent fraudulent activities and ensure system security for the User

Controllers legitimate interest - GDPR, article 6. 1. (f)

 

Technical Device Information - IP address, browser type, and device capabilities

To ensure compatibility and seamless delivery of content or ads to the User’s device

Necessity for contract performance - GDPR, article 6. 1. (b)

Privacy Preferences - Choices regarding data usage and vendor preferences

To save and enforce the User’s privacy settings across services

Controllers legitimate interest - GDPR, article 6. 1. (f)

 

Combined Data from External Sources - Loyalty card usage, surveys, and activity data from other platforms.

To link and analyse data from multiple sources for improved targeting and service quality

Controllers legitimate interest - GDPR, article 6. 1. (f)

 

Device Linking Data - Shared logins and internet connection data from the User’s devices

To link multiple devices belonging to the User for seamless cross-platform service.

Controllers legitimate interest - GDPR, article 6. 1. (f)

 

Automatically Transmitted Device Information - IP address, browser details, and other automatically shared device data

To distinguish the User’s device for personalization and analytics.

Controllers legitimate interest - GDPR, article 6. 1. (f)

Precise Geolocation Data - GPS-based location data within a 500-meter radius

To provide location-specific services, ads, and content to the User

Given consent – GDPR, article 6. 1. (a)

Once any of the information specified by the table above, alone or in conjunction with other(s), become a personal data, User being a data subject to those personal data can exercise any and all rights specified by the section 9. below; including, the right to be forgotten and the opt-out right(s) as specified by the points c. and g. of the said section respectively.

For how long do We storage personal data?

The term upon which We are allowed to storage and therefore process personal data is dependent on the legal basis for which data gathering took place. Comote’s does not process personal data for a period longer than the said legal basis allows, what shall be deemed as the following:

If there are no specific legal or contractual requirements for personal data retention, the basic term shall be no longer than ten (10) years.

Do We transfer personal data to the third-parties?

Comote may transfer personal data to the third-parties on contractual bases; in this respect, pursuant to GDPRs relevant provisions We are remaining the data controller, while the aforementioned third-party becomes the data processor. Therefore, in each such contract We embed terms and safety mechanisms in order to ensure Our standards for data protection - their confidentiality, integrity and security. Comote retains control over the method and scope of processing by the party vested in the data processing agreement(s). As a result, the third-party recipients of personal data processed on Our behalf may inter alia include:

To which countries do We transfer personal data?

Some of the third-parties (processors) to which we transfer the personal data may be based outside the European Economic Area (hereinafter referred to as: the “EEA”), in particular within the United States of America.

Comote remains committed to minimise the range, amount and value of the personal data being transferred outside the EEA. In order to guarantee a constantly high level of personal data protection We use standard contractual clauses adopted by the Commission of the European Union.

What about the references to websites other than https://justgoodapp.com ?

Comote shall not be deemed responsible for data privacy protection rules applied by the other websites than https://justgoodapp.com, to which links are provided at the Website. Users are requested to familiarise themselves with the data privacy policies and / or statements being placed at Our partners website(s).

Do We automatically process personal data?

Personal data of Our Users may be processed in an automated way, including profiling. Provided that Comote holds a relevant consent, for such purposes, We may also cooperate in this matter with a third-party entities.

How do We protect personal data?

Comote makes all possible efforts to ensure all physical, technical, and organizational measures for personal data protection are in place in order to safeguard it against: accidental and / or deliberate destruction, accidental loss, alteration and / or unauthorised disclosure. We also assure that each and every data processing being performed by Us is in compliance with all applicable laws, regulations and policies.

What are the Users rights with respect to personal data We collected?

Once We collected your personal data, as a User you are vested with the following rights:

  1. to access your personal data;
  2. to rectify your personal data;
  3. to remove your personal data (right to be forgotten);
  4. to remove your personal data (opt-our right / right to be forgotten);
  5. to limit the personal data being processed;
  6. to transfer your personal data to another data controller;
  7. to limit the scope of information (personal data) being collected and processed (opt-out right);
  8. to file an objection against the way of personal data processing, what also includes profiling;
  9. to withdraw your consent to process your personal data at any moment without affecting the legitimacy of processing performed on the basis of your consent being given prior to such withdrawal;
  10. to file a complaint to the relevant Data Protection Authority, when you believe that personal data processing performed by Us violates the provision(s) of law.

 

How to exercise rights stated in the above section?

Rights specified by clauses a. to f. of the above section can be exercised by contacting Comote; the section 11. below provides the relevant contact details.

The opt-out right specified by clause g. of the above section can be exercised by managing your data collection preferences within the Website. In order to activate these preferences, it is required to open the Websites “Privacy and cookies settings” being located at the bottom of the Website.

 

Once the “Privacy and cookies settings” are clicked, the browser shall display the following window presented below. To access the management panel of Comote's data collection options, User shall click “Manage options” button.



Once the User advances to the next window – “Manage your data’” – S(He) can give and revoke consent(s) for the collection of data of Her(His) choice; examples are presented below.

 
 

If for any reason the User is unable to exercise or has difficulty exercising (his/her) opt out option(s), We kindly request to contact Us for assistance; the section below provides the applicable contact details.

Right specified by clause h. of the above section can be exercised by contacting any of the national data protection authorities listed at the European Data Protection Board website: https://www.edpb.europa.eu/about-edpb/about-edpb/members_en#member.

Who is the Personal Data Controller and how to contact her?

The personal data controller is COMOTE SPÓŁKA AKCYJNA having its business premises in Wroclaw, Poland, 50-089, on ul. Swobodna 1, with National Court Register number (KRS): 0000935035.

Please contact Us via email: [email protected]

What about the amendments of this Policy?

Updates in Our Policy usually reflects the technology development(s) and / or changes in the legal environment we operate in. We are also committed to follow the data protection guidelines and / or recommendations issued by the National and International Authorities.

For those reasons we reserve the right to amend the current Policy as needed.