Privacy Policy
Introduction
This Privacy Policy (“Policy”)describes how MyVikki App (“we”, “us”, “our”) may collect, use, and share information obtained when you use MyVikki App (the “App”), our website https://myvikki.com/ (the “Website”), interact with us via our social media such as Facebook, Instagram, Telegram (“social media”), and messengers, or provide us with information about yourself via any other way.
This Privacy Policy (“Policy”)describes how MyVikki App (“we”, “us”, “our”) may collect, use, and share information obtained when you use MyVikki App (the “App”), our website https://myvikki.com/ (the “Website”), interact with us via our social media such as Facebook, Instagram, Telegram (“social media”), and messengers, or provide us with information about yourself via any other way.
Such treatment may include, but is not limited to, the following:
Definitions
We use the following definitions in this Policy:
“data controller” means the natural or legal person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal data is processed.
“data processor” means the natural or legal person who processes personal data on behalf of the data controller.
“data subject” is any individual that provides their personal data to us when using App, interacting with Company's social media, messengers, or provide their personal data to us in via any other.
“personal data” means any information relating to you and helping identify you (directly or indirectly) such as your name, last name, email, location data, etc.
“processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Data Collection
We collect two basic types of information about you in connection with our services: client data, visitor data, which relate to Clients and Visitors respectively. In particular, we collect:
(a) Contact Information. We can collect some personal data when you submit your personal data via the Website’s forms, social media, messengers, email to contact and/or provide feedback on our App. Such data may include name, email, and other information you may provide us via available contact options.
(b) Registration Information. When you create an account on the App, we collect the following required information about you: email address. You must enter the above information yourself to create an account unless we receive such information about you from the third-party authentication token when you choose to sign up using the respective button.
(d) Authentication Token Information. When you create an account in the App through the respective ‘Sign In with…’ button, we collect an encrypted authentication token obtained from the selected service provider. We can obtain the following information about you via such a token: email address.
(e) Integrations API Information: Clients’ API tokens, which are necessary to integrate your account (giving our App access to a third-party App API) with other third-party services such as social networks, email marketing, payment systems, telephony, banks, etc.
(f) Automatically Collected Information. When you use our App, we collect certain information about you and your device automatically, including user behaviour and conversions.
(g) Geolocation data, such as the general area from which your device accesses our App based on information like its IP address, or precise location information you choose to provide.
(h) Audio information, such as voice. If you opt to sent us a voice messages.
(i) Payment Information. If you order services from us, you will need to provide certain personal details, including name and email address, so the order can be fulfilled. If the payment is made on the behalf of a legal entity, we also may collect some information about such a legal entity. In order to obtain payment from you, we will use or direct you to a separate payment provider who will collect financial information from you and process your payment. Please, read the privacy policy of a separate payment provider before making a payment to us, as that separate payment provider is collecting, processing, and storing your financial information and we do not have direct access to or possession of your payment card information or banking information.
(j) Client’s Information. As part of our services, we can process third-party personal data that has been provided to us by our Clients. In this case, we process such personal data (which may relate to customers, prospects, employees, contractors of Clients) under instructions provided by the respective Client.
We use the personal data we collected and the personal data you provided us with or requested us to collect only for the purposes listed in this Policy. We may share your personal data with third parties solely for the purposes listed herein.
When we act as a data controller, We DO NOT intentionally collect and process any sensitive personal data. Please, refrain from sharing your or third-party sensitive personal data with us.
We DO NOT sell your data.
Grounds for processing
We collect and process your personal data in accordance with the provisions of the GDPR.
GDPR provides an exclusive list of lawful bases allowing us to process your personal data. During personal data processing we rely only on four of them, namely:
Article 6.1(a): consent
We collect the information you choose to give us, and we process it under your consent. You may withdraw your consent to the processing of your personal data at any time.
Please remember that the withdrawal of consent does NOT automatically mean that the processing before the withdrawal is considered unlawful. You may withdraw the consent to the processing of your personal data by sending us an email at vikarepetskaya@gmail.com, or by contacting us in any other way convenient for you.
Article 6.1(f): legitimate interests
As a data controller, we process your personal data to prevent any fraudulent actions and to provide you with the desired services. Also, we need some data to enable our App to run smoothly and give you a pleasant user experience. We use only strictly necessary data under this legal ground.
Article 6.1(b): performance of a contract
When you provide us with the personal data during the registration of the account on the App; this can be deemed as your request to form a contract or to perform a contract between you and us. However, we may ask you to give us clear consent in case of doubt.
Article 6.1(c): legal obligation
We process your personal data to fulfil the applicable legal obligations arising mainly from the GDPR. In the event of you sending us the request to fulfil the rights granted by the GDPR, we may ask you for some personal data we already have to identify you and achieve compliance with the applicable law.
Use of Your Personal Data
As a data controller, we use your personal data for the purposes listed in the table below where we also detail the type of personal data processed, legal bases we rely on to do so, third parties with whom we may share your personal data:
Data Security, Integrity and Retention
As a data controller, we store and process your personal data until we do not need it for any of the purposes defined in this Policy unless longer storage is required or expressly permitted by law.
Usually, we retain your data while your account is actively used, but we will delete your personal data if we notice that you have not used your account for a long time or if you ask us to delete your personal data.
We may not delete or anonymize your data if we are compelled to keep it to comply with the law or legal process.
Despite any of the aforementioned periods of data storage, you may request to delete your personal data by sending us an email at vikarepetskaya@gmail.com or contacting us via another way convenient for you.
If your account on the App is inactive (you do not access App and/or do not use our services) for 1 (one) year, the personal data is to be deleted.
We have implemented appropriate organisational, technical, administrative, and physical security measures that are designed to protect your personal data from unauthorised access, disclosure, use, and modification. We regularly review our security procedures and policies to consider appropriate new technology and methods.
Data Sharing and Disclosure
We may share your personal data as a data controller to data processors in accordance with provisions specified hereafter.
Sharing data with data processors
There are many features necessary to provide you with access to our App that we cannot complete ourselves, thus we seek help from third parties. We may grant some service providers access to your personal data, in whole or in part, to provide the necessary services.
Therefore, we may share and disclose your personal data to other data processors:
We may transfer your personal data to countries outside the EU and EEA (for example, the USA) that are not determined to offer an adequate level of data protection on the basis of article 45 of GDPR (adequacy decision) with appropriate safeguards as determined under the GDPR.
We only transfer your personal data to third parties within requirements under the GDPR. Where possible and necessary, we always enter into Data Processing Agreements (DPAs) and Non-Disclosure Agreements (NDAs) with them and treat personal data transfer seriously.
Where the Contractor has an appropriate data processing agreement in place, Company may adjoin such data processing agreement. If so, Company and the Contractor may regulate the transfer of the personal data to such Contractor by means of this data processing agreement.
Transferring your personal data outside of the European Economic Area
For transfers to countries that do not fall under requirements of Article 45 of the GDPR on the adequacy of the level of protection, we may transfer your personal data to the third countries outside the EU and the EEA, including the onward transfers of the personal data from the third countries to another third countries, under Article 46 of the GDPR with the appropriate safeguards, including the SCC.
We disclose your personal data to the countries outside the EU and the EEA, in compliance with our internal procedures regarding international transfers in order to adduce adequate safeguards with respect to the protection of privacy and fundamental rights and freedoms of natural and legal persons.
We put supplementary technical and organisational measures in place when transferring data outside the EU and the EEA. e.g. prior assessment of the service supplier’s reliability and personal data protection practices, encryption of the transferred personal data, prompt reacting to any threats to confidentiality, integrity and availability of the personal data, conducting transfer impact assessments (TIA) when necessary, etc.
Your Rights under the GDPR
You may exercise the following rights by submitting your request at vikarepetskaya@gmail.com
When we act as a joint controller regarding particular processing of personal data, you may exercise your rights under the GDPR in respect of and against both other joint controller(s) and us.
Rights under the GDPR
Please, note that we may need to confirm your identity to process your requests to exercise your rights under the GDPR. Thus, we may not be able to satisfy your request if you do not provide us with sufficient detail to allow us to verify your identity
Data Protection Authority under the GDPR
We kindly invite you to share your concerns with us in the first place regarding any issue related to your personal data processing. You may contact us to address your inquiries: vikarepetskaya@gmail.com.
Supervisory Authorities under GDPR:
In case of any questions regarding data protection, you can apply to the supervisory authority in your place of residence or domicile. We will cooperate with the appropriate governmental authorities to resolve any privacy-related complaints that cannot be amicably resolved between you and us.
Children’s Privacy
Our App is intended for general audiences and is not directed to children under 16 in the meaning of applicable children’s protection. We undertake the best possible efforts to secure the processing of personal data belonging to the underage. Therefore, the App does not knowingly collect personal data from persons under the age of 16.
If you are under 16, please do not provide any personal information on our App, through our features, or in any other ways, including, but not limited to your name, email, phone number, or other personal information. By registering on the App and entering into the contract with the Company, you are telling us that you acknowledge that you have reached the age of 16 and under the laws of your country of residence you have all rights to provide us with your personal data for processing.
If you have any reason to believe that a child under the age of 16 has provided his/her personal data to us, please contact us. Please consider applicable laws and regulations regarding the protection of children if you pass children’s personal
Changes to the Privacy Policy
This Policy may be changed from time to time due to the implementation of new updates, technologies, laws’ requirements or for other purposes. We will send notice to you if these changes are dramatic and where required by applicable laws, we will obtain your consent for the subsequent processing. In any case, we encourage you to regularly review this Policy to check for any changes.
Such notification may be provided via email, announcement and by other means, consistent with applicable law.
If you have a question related to this Privacy Policy, our processing activities, or your data subject rights under GDPR and other applicable laws, you can contact us directly using the following details:
Contact person: Viktoriia Repetska
Email: vikarepetskaya@gmail.com.
Address: Calle La Dinamita 17A, bajo C, 48903 Barakaldo, Spain
Phone number: +34 641 761 720
- collection;
- recording;
- organisation;
- storage;
- structuring;
- adaptation;
- alteration;
- retrieval;
- consultation;
- use;
- disclosure by transmission;
- dissemination or otherwise making available;
- alignment or combination;
- restriction; and
- erasure or destruction.
- You are a Visitor when you merely browse our Website and/or submit your personal data via social media, the Website’s forms, online chat, or otherwise without having an account in the App;
- You are a client or client’s representative (‘Client’) when you have registered an account in the App and share your and/or third parties' personal data with us when you use our App or submit your personal data via our social media accounts, email, contact us for assistance, leave us feedback regarding our App while having an account in the App.
- When you submit your personal data to us, you may be asked to consent to our processing of the personal data you provide as explained in this Policy to enable us to provide you with the information requested, if no other legal ground can be used.
Definitions
We use the following definitions in this Policy:
“data controller” means the natural or legal person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal data is processed.
“data processor” means the natural or legal person who processes personal data on behalf of the data controller.
“data subject” is any individual that provides their personal data to us when using App, interacting with Company's social media, messengers, or provide their personal data to us in via any other.
“personal data” means any information relating to you and helping identify you (directly or indirectly) such as your name, last name, email, location data, etc.
“processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Data Collection
We collect two basic types of information about you in connection with our services: client data, visitor data, which relate to Clients and Visitors respectively. In particular, we collect:
(a) Contact Information. We can collect some personal data when you submit your personal data via the Website’s forms, social media, messengers, email to contact and/or provide feedback on our App. Such data may include name, email, and other information you may provide us via available contact options.
(b) Registration Information. When you create an account on the App, we collect the following required information about you: email address. You must enter the above information yourself to create an account unless we receive such information about you from the third-party authentication token when you choose to sign up using the respective button.
(d) Authentication Token Information. When you create an account in the App through the respective ‘Sign In with…’ button, we collect an encrypted authentication token obtained from the selected service provider. We can obtain the following information about you via such a token: email address.
(e) Integrations API Information: Clients’ API tokens, which are necessary to integrate your account (giving our App access to a third-party App API) with other third-party services such as social networks, email marketing, payment systems, telephony, banks, etc.
(f) Automatically Collected Information. When you use our App, we collect certain information about you and your device automatically, including user behaviour and conversions.
(g) Geolocation data, such as the general area from which your device accesses our App based on information like its IP address, or precise location information you choose to provide.
(h) Audio information, such as voice. If you opt to sent us a voice messages.
(i) Payment Information. If you order services from us, you will need to provide certain personal details, including name and email address, so the order can be fulfilled. If the payment is made on the behalf of a legal entity, we also may collect some information about such a legal entity. In order to obtain payment from you, we will use or direct you to a separate payment provider who will collect financial information from you and process your payment. Please, read the privacy policy of a separate payment provider before making a payment to us, as that separate payment provider is collecting, processing, and storing your financial information and we do not have direct access to or possession of your payment card information or banking information.
(j) Client’s Information. As part of our services, we can process third-party personal data that has been provided to us by our Clients. In this case, we process such personal data (which may relate to customers, prospects, employees, contractors of Clients) under instructions provided by the respective Client.
We use the personal data we collected and the personal data you provided us with or requested us to collect only for the purposes listed in this Policy. We may share your personal data with third parties solely for the purposes listed herein.
When we act as a data controller, We DO NOT intentionally collect and process any sensitive personal data. Please, refrain from sharing your or third-party sensitive personal data with us.
We DO NOT sell your data.
Grounds for processing
We collect and process your personal data in accordance with the provisions of the GDPR.
GDPR provides an exclusive list of lawful bases allowing us to process your personal data. During personal data processing we rely only on four of them, namely:
Article 6.1(a): consent
We collect the information you choose to give us, and we process it under your consent. You may withdraw your consent to the processing of your personal data at any time.
Please remember that the withdrawal of consent does NOT automatically mean that the processing before the withdrawal is considered unlawful. You may withdraw the consent to the processing of your personal data by sending us an email at vikarepetskaya@gmail.com, or by contacting us in any other way convenient for you.
Article 6.1(f): legitimate interests
As a data controller, we process your personal data to prevent any fraudulent actions and to provide you with the desired services. Also, we need some data to enable our App to run smoothly and give you a pleasant user experience. We use only strictly necessary data under this legal ground.
Article 6.1(b): performance of a contract
When you provide us with the personal data during the registration of the account on the App; this can be deemed as your request to form a contract or to perform a contract between you and us. However, we may ask you to give us clear consent in case of doubt.
Article 6.1(c): legal obligation
We process your personal data to fulfil the applicable legal obligations arising mainly from the GDPR. In the event of you sending us the request to fulfil the rights granted by the GDPR, we may ask you for some personal data we already have to identify you and achieve compliance with the applicable law.
Use of Your Personal Data
As a data controller, we use your personal data for the purposes listed in the table below where we also detail the type of personal data processed, legal bases we rely on to do so, third parties with whom we may share your personal data:
Purposes | Type of personal data | Legal grounds | Third Parties recipients |
Creating an account in the App | Registration Information, Authentication Token Information. | Performance of a contract (Article 6(1)(b)) | PLATMA, Contractors |
Maintenance of the account in the App | Registration Information, Authentication Token Information | Performance of a contract (Article 6(1)(b)) | PLATMA, Contractors |
Communication with visitors and customers | Contact Information, Registration Information, Authentication Token Information | Your consent (Article 6(1)(a)) Our legitimate interest (Article 6(1)(f)) | PLATMA, Contractors |
Communication with visitors and customers | Audio information, such as voice | Your consent (Article 6(1)(a)) | ChatGPT, Contractors |
Marketing (informational messages about our App, promotions, events (webinars, seminars, consultations, master classes, etc.) and any marketing activities of our App and conduct other marketing activities, such as personalised advertising | Contact Information, Registration Information, Authentication Token Information, Geolocation data | Your consent (Article 6(1)(a)) Our legitimate interest (Article 6(1)(f)) | PLATMA, Contractors |
Analytics and developing (for optimising and improving our App) | Contact Information, Cookies Information, Automatically Collected Information, Geolocation data | Your consent (Article 6(1)(a)) Our legitimate interest (Article 6(1)(f)) | Contractors |
Processing of Payments | Payment Information | Performance of a contract (Article 6(1)(b)) | App store, Apple Pay, Google Play, Visa, Mastercard, Contractors |
Complying with the law or legal process | Contact Information, Registration Information, Authentication Token Information, Integrations API Information, Automatically Collected Information, Geolocation data, Payment Information | Legal obligation (Article 6(1)(c)) | PLATMA, Contractors |
Data Security, Integrity and Retention
As a data controller, we store and process your personal data until we do not need it for any of the purposes defined in this Policy unless longer storage is required or expressly permitted by law.
Usually, we retain your data while your account is actively used, but we will delete your personal data if we notice that you have not used your account for a long time or if you ask us to delete your personal data.
We may not delete or anonymize your data if we are compelled to keep it to comply with the law or legal process.
Despite any of the aforementioned periods of data storage, you may request to delete your personal data by sending us an email at vikarepetskaya@gmail.com or contacting us via another way convenient for you.
If your account on the App is inactive (you do not access App and/or do not use our services) for 1 (one) year, the personal data is to be deleted.
We have implemented appropriate organisational, technical, administrative, and physical security measures that are designed to protect your personal data from unauthorised access, disclosure, use, and modification. We regularly review our security procedures and policies to consider appropriate new technology and methods.
Data Sharing and Disclosure
We may share your personal data as a data controller to data processors in accordance with provisions specified hereafter.
Sharing data with data processors
There are many features necessary to provide you with access to our App that we cannot complete ourselves, thus we seek help from third parties. We may grant some service providers access to your personal data, in whole or in part, to provide the necessary services.
Therefore, we may share and disclose your personal data to other data processors:
- PLATMA (Platma Inc., USA): to provide secure transfer and storage of personal data on the servers. You may read its Privacy Policy here.
- Apple Pay (Apple Payments Services LLC, USA): to process payments from the clients and enable clients to purchase the subscription for the Company’s services. You may read its Privacy Policy here.
- Visa (Visa U.S.A. Inc., USA): to process payments from the clients and enable clients to purchase the subscription for the Company’s services. You may read its Privacy Policy here.
- Mastercard (Visa Global Privacy Office, USA): to process payments from the clients and enable clients to purchase the subscription for the Company’s services. You may read its Privacy Policy here.
- ChatGPT (OpenAI Ireland Limited, Ireland): to provide a service of voice communication (transforming a client’s voice into the text). You may read its Privacy Policy here.
We may transfer your personal data to countries outside the EU and EEA (for example, the USA) that are not determined to offer an adequate level of data protection on the basis of article 45 of GDPR (adequacy decision) with appropriate safeguards as determined under the GDPR.
We only transfer your personal data to third parties within requirements under the GDPR. Where possible and necessary, we always enter into Data Processing Agreements (DPAs) and Non-Disclosure Agreements (NDAs) with them and treat personal data transfer seriously.
Where the Contractor has an appropriate data processing agreement in place, Company may adjoin such data processing agreement. If so, Company and the Contractor may regulate the transfer of the personal data to such Contractor by means of this data processing agreement.
Transferring your personal data outside of the European Economic Area
For transfers to countries that do not fall under requirements of Article 45 of the GDPR on the adequacy of the level of protection, we may transfer your personal data to the third countries outside the EU and the EEA, including the onward transfers of the personal data from the third countries to another third countries, under Article 46 of the GDPR with the appropriate safeguards, including the SCC.
We disclose your personal data to the countries outside the EU and the EEA, in compliance with our internal procedures regarding international transfers in order to adduce adequate safeguards with respect to the protection of privacy and fundamental rights and freedoms of natural and legal persons.
We put supplementary technical and organisational measures in place when transferring data outside the EU and the EEA. e.g. prior assessment of the service supplier’s reliability and personal data protection practices, encryption of the transferred personal data, prompt reacting to any threats to confidentiality, integrity and availability of the personal data, conducting transfer impact assessments (TIA) when necessary, etc.
Your Rights under the GDPR
You may exercise the following rights by submitting your request at vikarepetskaya@gmail.com
When we act as a joint controller regarding particular processing of personal data, you may exercise your rights under the GDPR in respect of and against both other joint controller(s) and us.
Rights under the GDPR
- right of access means that you may ask us to send you the copy of your personal data collected together with information regarding the nature, processing and disclosure of that personal data;
- right to rectification means that you may ask us to update and correct the false data, missing or incomplete personal data.
- right to erasure (to be “forgotten”) means that you may ask us to delete your personal data collected, except insofar it is prohibited by appropriate laws.
- right to restriction of processing means that you may ask us to restrict processing where:
- your personal data is not correct or outdated;
- the processing is unlawful.
- right to object to the processing means that you may raise objections on grounds relating to your particular situation;
- right to data portability means that you may ask us to transfer a copy of your personal data to another organisation or to you if applicable and technically feasible;
- right to withdraw the consent when your personal data processed on a basis of your consent;
- right to lodge a complaint with the supervisory data protection authority pertaining to the processing of your personal data.
Please, note that we may need to confirm your identity to process your requests to exercise your rights under the GDPR. Thus, we may not be able to satisfy your request if you do not provide us with sufficient detail to allow us to verify your identity
Data Protection Authority under the GDPR
We kindly invite you to share your concerns with us in the first place regarding any issue related to your personal data processing. You may contact us to address your inquiries: vikarepetskaya@gmail.com.
Supervisory Authorities under GDPR:
In case of any questions regarding data protection, you can apply to the supervisory authority in your place of residence or domicile. We will cooperate with the appropriate governmental authorities to resolve any privacy-related complaints that cannot be amicably resolved between you and us.
Children’s Privacy
Our App is intended for general audiences and is not directed to children under 16 in the meaning of applicable children’s protection. We undertake the best possible efforts to secure the processing of personal data belonging to the underage. Therefore, the App does not knowingly collect personal data from persons under the age of 16.
If you are under 16, please do not provide any personal information on our App, through our features, or in any other ways, including, but not limited to your name, email, phone number, or other personal information. By registering on the App and entering into the contract with the Company, you are telling us that you acknowledge that you have reached the age of 16 and under the laws of your country of residence you have all rights to provide us with your personal data for processing.
If you have any reason to believe that a child under the age of 16 has provided his/her personal data to us, please contact us. Please consider applicable laws and regulations regarding the protection of children if you pass children’s personal
Changes to the Privacy Policy
This Policy may be changed from time to time due to the implementation of new updates, technologies, laws’ requirements or for other purposes. We will send notice to you if these changes are dramatic and where required by applicable laws, we will obtain your consent for the subsequent processing. In any case, we encourage you to regularly review this Policy to check for any changes.
Such notification may be provided via email, announcement and by other means, consistent with applicable law.
If you have a question related to this Privacy Policy, our processing activities, or your data subject rights under GDPR and other applicable laws, you can contact us directly using the following details:
Contact person: Viktoriia Repetska
Email: vikarepetskaya@gmail.com.
Address: Calle La Dinamita 17A, bajo C, 48903 Barakaldo, Spain
Phone number: +34 641 761 720
© All Right Reserved. MyVikki
e-mail us: myvikki.help@gmail.com
