WAITLESSCY PRIVACY POLICY


1.       WHO WE ARE

We are the WaitLess team. WaitLess ("we", "our", or "us") will collect and use information obtained via the WaitLessCY Mobile Application ("WaitLessCY", "Application") as described in this policy. In doing so, we are committed to protecting and respecting your privacy and personal data, in accordance with applicable data protection, privacy rules, and data protection laws. We do not sell or rent your personally identifiable information to any third party. (email: [email protected])

2.       WHAT DATA WE COLLECT AND HOW WE COLLECT SUCH DATA

The Application obtains the information you provide when you download and register within the Application. Registration with us is optional. However, please keep in mind that you may not be able to use some of the features offered by the Application unless you register with us. When you register with us and use the Application, you generally provide your name, email address, phone number, and password.

We collect data from our 3rd party affiliates. Specifically, WaitLessCy uses Firebase as a measurement solution that provides insight into app usage and user engagement (https://firebase.google.com/policies/analytics), as well as, Firebase Crashlytics as a bug reporting service (https://firebase.google.com/docs/crashlytics). Bug reports are sent automatically and can contain information about your device, as well as, a log of actions that led to an error.

We also use the device's location, in both cases, registered or not, only when the WaitLessCY application is running (active or in the background), as long as the reported location is within a range of the location of a store that is included in our database. It should be noted that the device's location cannot be correlated (reverse engineered)  with a registered user in our database and that we do not keep any location history nor tracking the route taken by any device.

3.       HOW WE USE YOUR DATA 

We use your name, email address, phone number, and password. This information is stored in our database only for verification purposes. Your mobile number is stored again, in the Firebase Authentication Database for verification purposes.

While using the Application, the GPS technology (or other similar technology) is activated to determine the device's current location in order to calculate the distance between the device and the stores that are stored in our database. Moreover, the device's current location can be displayed on a location map which is a feature provided by our Application. We only use the device's current location to estimate the number of active users that are located within a range of the location of a store that is included in our database. We do not share any location information of a specific device with other users or partners.

We also collect technical information on how the application is used for diagnostic purposes.

4.       HOW WE STORE YOUR DATA AND PERIOD OF RETENTION 

Your data is safely and securely stored on our servers and we maintain your personal information as long as requested otherwise. We maintain the right to reserve your information for a longer period for any obligations provided by any law or any competent authority or for the preservation of any legal rights.

To offer a consistent service to you we manage the Application from servers provided by a third-party cloud service provider that are located in Greece and Germany. The data that we collect from you may be transferred to and stored on these servers. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy policy and applicable privacy laws. Unfortunately, the transmission of information via the Internet is not completely secure. Although we will do our best to protect your data, by encrypting the transmission of data between the Application and the server using TLS_AES_128_GCM_SHA256,128 bit keys and TLS 1.3. That is, your data was encrypted before being transmitted over the Internet, meaning that it is difficult for unauthorized people to view information traveling between the Application and the server. Once we have received your information, we will use strict procedures and security features to prevent unauthorized access.

The name, phone number, email address and password are stored in our database using security protocols and secure procedures. The password provided is stored as a new password hash using a strong one-way hashing algorithm. They are called one-way hash functions because there is no way to reverse the encryption, therefore, no one but you know the password.

The next information that is collected is the location of the device and not the user's, therefore it is not possible using reverse engineering to correlate a specific user with a specific device. The way a device's location is stored is by using a unique key (string) provided by the device. If this device is located within a range of a store that is located in our database, then this device sends this information and then we simply change the status of this record inside the database, if it already exists, otherwise it is stored.  We do not keep track of history, nor the path. The device sends the location only when its state is changed.

 

5.       MARKETING

We do not use your personal data for any marketing purposes, nor we provide your personal data to any affiliates or third parties for such reasons.

 

6.       YOUR DATA PROTECTION RIGHTS

Your right of access 

You have the right to ask us for copies of your personal information. This right always applies. There are some exemptions, which means you may not always receive all the information we process.

Your right of rectification

You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete. This right always applies.

Your right to erasure 

You have the right to ask us to erase your personal information in certain circumstances.

Your right to restrict processing 

You have the right to ask us to restrict the processing of your information in certain circumstances.

Your right to object to processing 

You have the right to object to processing if we are able to process your information because the process forms part of our public tasks, or is in our legitimate interests.

Your right to data portability 

This only applies to information you have given us. You have the right to ask that we transfer the information you gave us from one organisation to another, or give it to you. The right only applies if we are processing information based on your consent or under, or in talks about entering into a contract and the processing is automated.

If we are processing your information for criminal law enforcement purposes, some of your rights may be different or restricted.

You may withdraw your consent regarding your data processing should that be required or given at any time by contacting us at the below mentioned addresses.

You are not required to pay any charge for exercising your rights. We have one month to respond to you.

 7.       COOKIES 

Cookies are files with a small amount of data that is commonly used as an anonymous unique identifier. These are sent to your browser from the website that you visit and are stored on your device internal memory. This Service does not use these “cookies”.

Required/Technical cookies: Cookies that are only placed as part of the website’s functionality and security that without them the website cannot be considered functioning. 

8.       OTHER DATA COLLECTION

As mentioned above, Firebase collects technical information on how the application is used for diagnostic purposes. Both services are part of Google. Please visit How Google uses data when you use our partners’ sites or apps prior to using our services to learn how Google uses your data.

9.       CHANGES TO OUR PRIVACY POLICY 

Any changes to our Privacy Policy will be published here upon the date of their validity and no other notice shall be provided for such changes. Please visit this section from time to time to keep up to date with any such changes.

10.    HOW TO CONTACT US 

You can contact us by email at the electronic address [email protected]. For the exercise of your rights regarding GDPR as mentioned above, please include such issues in the subject section of an email and send it to us at the aforementioned email address.

11.    HOW TO CONTACT THE APPROPRIATE AUTHORITIES

You may lodge any complaints regarding your personal information at the Office of the Commissioner for Personal Data Protection at

http://www.dataprotection.gov.cy/dataprotection/dataprotection.nsf/page1i_en/page1i_en?opendocument