PRIVACY POLICY

Last updated:
January 29, 2020


OUR COMMITMENT TO YOU
We, at Snappy App, Inc. (“Snappy,” "us", "we," “our,” or "Company") DBA Snappy Gifts, respect the privacy of our users (each, a "User" or "you") and are committed to protect the privacy of Users who access, download, install, register, use or engage with our website and mobile application (the "Website" and "Application" respectively) and any other service we provide (collectively, the "Service(s)").  
We've prepared this Privacy Policy to outline our practices with respect to collecting, using and disclosing your information when you use the Services. We encourage you to read this Privacy Policy carefully and use it to make informed decisions. By using the Services, you agree to the terms of this Privacy Policy and your continued use of the Services constitutes your ongoing agreement to the Privacy Policy.

GROUNDS FOR DATA COLLECTION
Subject to your consent and in order to administer our Services (such as processing requests, delivery of your Snappy gift, responding to your requests etc.) we will collect and process your "Personal Data" (meaning any information which may potentially allow your identification with reasonable means).
We also rely on other lawful grounds for processing your Personal Data, namely: the performance of our contractual obligations towards you and your employer, our legitimate interests in provision of our Services including for administering our Website and Application, and for compliance with legal and regulatory obligations to which
we are subject.
When you use our Services, you consent to the collection, storage, use, disclosure and other uses of your Personal Information as described in this Privacy Policy.

WHAT TYPE OF DATA WE COLLECT?
Personal Data
In the course of using the Services, we may collect certain Personal Data to provide and improve the Services, to contact or identify you, to enable you to access certain parts of the Service or as otherwise indicated in this Policy. We collect the following Personal Data about you:

In order to provide you with our Services, you will be required to provide us with your contact details, including your name, date of birth, phone number, and email address. In cases where we need to ship your gift, we will also process your physical address. In other cases, we may receive some or all of these contact details from your employer, with whom we have contracted, so that we could provide you with our Services.

Our Services include an option to register using your social media account (such as Facebook). If you choose to log in or connect to the Services using your social media account, we will process your social media account information, including your profile picture. We may also process other publicly available information on your social media account, which we believe may be necessary or relevant for the provision of the Services, as described herein.

When you send us an email or otherwise contact us we will collect any information, including Personal Data that you choose to include in your inquiry to us.

Our webserver may also automatically collect your IP address, and unique online identifiers. These details are pseudonimyzed (cannot directly identify you) and are collected for the purpose of delivering relevant content and operating and improving our Service (including services from our partners).

Non-Personal Data
We also collect data about the use of our Service and the characteristics and activities of users, in order to operate it and improve it. We may collect the following non-Personal Data:

Technical information – when you use our Services we may collect such data non-personally identifiable data as: your operating system, device type, session start/stop time, time zone, network connection type (e.g., Wi-Fi, cellular), your general location (city and country), and general information regarding your browser and device.

If we combine Personal Data with non-Personal Data, the combined data will be treated as Personal Data.

HOW DO WE USE THE DATA WE COLLECT?
Provision of the Service
we will use the Personal Data you provide us for the provision and improvement of our Service, providing customer support and to respond to your queries.
Service announcements - we will use your Personal Data to communicate with you and to keep you informed of our latest updates to our Service and offer you service offers.
Analytics, surveys and research - from time to time, we may conduct surveys or test features, and analyze the data we have to develop, evaluate and improve these features, all in order to improve our Services and offerings (including to our business partners), and think of new and exciting features for our users.
Protecting our interests - we may use your Personal Data when we believe it’s necessary in order to take precautions against liabilities, investigate and defend ourselves against any third party claims or allegations, investigate and protect ourselves from fraud, protect the security or integrity of our services and protect the rights and property of the Company, its users and/or partners.
Enforcing of policies - we may use your Personal Data in order to enforce our policies, including but not limited
to our Terms.
Compliance with legal and regulatory requirements - we may use your Personal Data to investigate violations, and as required by law, regulation or other governmental authority, or to comply with a subpoena or similar legal process.

Marketing and advertising
- We may use your Personal Data in the following ways: we may send you promotional material concerning our Service, or our partners' services, which we believe might interest you; we may also display certain adverts on our Service, which we believe will be relevant for you. We make our best efforts to make sure you see only relevant ads and receive relevant communications from us, including but not limited to, by building an automated profile based on your Personal Data.

Opt-out of receiving marketing materials - You may choose not to receive our promotional or marketing emails (all or any part thereof) by clicking on the “unsubscribe” link in the emails that you receive from us. Please note that even if you unsubscribe, we may continue to send you service-related updates and notifications, or reply to your queries and feedback you provide us.
If you do not want us to share your Personal Data for marketing purposes, you may opt-out in accordance with this "Opt-out" section. Please note that even if you opt-out, we may still use and share your Personal Data with third parties for non-marketing purposes (for example to fulfill your requests and orders, communicate with you and respond to your inquiries, etc.). In such cases, the companies with whom we share your Personal Data are authorized to use your Personal Data only as necessary to provide these non-marketing services.

TRACKING TECHNOLOGIES
When you visit or access our Services we use (and authorize 3rd parties to use) pixels, cookies, events and other technologies (collectively, "Tracking Technologies"). Those allow us to automatically collect information about you, your device and your online behavior, in order to enhance your navigation in our Services, improve our Services’ performance, perform analytics and customize your experience. In addition, we may merge data we have with data collected through these tracking technologies and data we may obtain from other sources and, as a result, such data may become Personal Data. To learn more about who we use Tracking Technologies, please read our Cookie Policy.

WITH WHOM DO WE SHARE YOUR PERSONAL DATA?
Internal concerned parties
- we share your information with companies in our group, as well as our employees, as needed to provide our Services.

Business partners:

Employees - Your use of the Services and any Personal Data we collect during your use of the Services is performed in connection to fulfilment of a gift you received from your Employer, with which we have contracted. Personal Data you provide during your use of the Services is provided to us by your employer, or on its behalf.

Providers - We share your information with business partners such as storage and analytics providers who help us provide you with our service. These third parties may have access to your Personal Data so that they may perform these tasks on our behalf, but they are obligated to comply with the highest security standards and applicable data protection legislation, and may not use your Personal Data for any other purpose.

Compliance with laws and law enforcement entities - we cooperate with government and law enforcement officials and private parties to enforce and comply with the law. We will disclose any data about you to government or law enforcement officials or private parties as we, in our sole discretion, believe necessary or appropriate to respond to claims and legal process (including but not limited to subpoenas), to protect our or a third party's property and rights, to protect the safety of the public or any person, or to prevent or stop any activity we may consider to be, or to pose a risk of being, illegal, unethical, inappropriate or legally actionable. We also may be required to disclose an individual’s Personal Data in response to a lawful request by public authorities, including meeting national security or law enforcement requirements.

Merger and acquisitions – we may share your data if we enter into a business transaction such as a merger, acquisition, reorganization, bankruptcy, or sale of some or all of our assets. Any party that acquires our assets as part of such a transaction may continue to use your data in accordance with the terms of this Privacy Policy.

HOW WE PROTECT YOUR INFORMATION
We have implemented administrative, technical, and physical safeguards to help prevent unauthorized access, use, or disclosure of your Personal Data. Your data is stored on secure servers and isn’t publicly available. We limit access of your information only to those employees or partners on a “need to know” basis, in order to enable the carrying out of the agreement between us. While we seek to protect your information to ensure that it is kept confidential, we cannot absolutely guarantee its security. You should be aware that there is always some risk involved in transmitting information over the internet. While we strive to protect your Personal Data, we cannot ensure or warrant the security and privacy of your Personal Data or other content you transmit using the Service, and you do so at your own risk.

RETENTION
We will retain your Personal Data for as long as necessary to provide our Services, and as necessary to comply with our legal obligations, resolve disputes, and enforce our policies. Retention periods will be determined taking into account the type of information that is collected and the purpose for which it is collected, bearing in mind the requirements applicable to the situation and the need to destroy outdated, unused information at the earliest reasonable time. Under applicable regulations, we will keep records containing Personal Data, communications and anything else as required by applicable laws and regulations.

USER RIGHTS
California User Rights

If you are a California resident, California Civil Code (Section 1798.83) permits users of the Services who are California residents to request and obtain from us a list of what Personal Data (if any) we disclosed to third parties for direct marketing purposes in the preceding calendar year and the names and addresses of those third parties.  Requests may be made only once a year and are free of charge. Under Section 1798.83, California residents are entitled to request and obtain such information, by e-mailing a request to dpo@meetsnappy.com.

EU User Rights
As an EU resident, you may request to:
a. Receive confirmation as to whether or not Personal Data concerning you is being processed, and access your stored Personal Data, together with supplementary information.
b. Receive a copy of Personal Data you directly volunteer to us in a structured, commonly used and machine-readable format.
c. Request rectification of your Personal Data that is in our control.
d. Request erasure of your Personal Data.
e. Object to the processing of Personal Data by us.
f. Request to restrict processing of your Personal Data by us.
g. Lodge a complaint with a supervisory authority.
Please note that these rights pertain to EU residents only, are not absolute, and may be subject to our own legitimate interests and regulatory requirements. A list of Supervisory Authorities is available here:  https://edpb.europa.eu/about-edpb/board/members_en
Users Outside the EU - Some of the aforementioned rights are applicable in certain jurisdictions outside the EU as well. Users residing outside the EU are welcome to contact us for any questions or requests at the details below.

TRANSFER OF DATA OUTSIDE THE EEA
If you reside in the European Union ("EU"), please note that some data recipients may be located outside the EEA. In such cases we will transfer your data only to such countries as approved by the European Commission as providing adequate level of data protection, rely on our self-certification under the EU-U.S. Privacy Shield Framework, or enter into legal agreements ensuring an adequate level of data protection.

A NOTE TO EU INDIVIDUALS
Snappy App, Inc. complies with the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries transferred to the United States pursuant to Privacy Shield. Snappy App, Inc. has certified that it adheres to the Privacy Shield Principles with respect to such data. If there is any conflict between the policies in this privacy policy and data subject rights under the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification page, please visit https://www.privacyshield.gov/
 
With respect to personal data received or transferred pursuant to the Privacy Shield Frameworks, Snappy App, Inc. is subject to the regulatory and enforcement powers of the U.S. Federal Trade Commission.
Pursuant to the Privacy Shield Frameworks, EU individuals have the right to obtain our confirmation of whether we maintain personal information relating to them in the United States.  

Upon request, we will provide you with access to the personal information that we hold about you. You may also correct, amend, or delete the personal information we hold about you. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data transferred to the United States under Privacy Shield, should direct their query to dpo@meetsnappy.com. If requested to remove data, we will respond within a timeframe required under applicable laws.
We will provide an individual opt-out choice, or opt-in for sensitive data, before we share your data with third parties other than as described in the privacy policy, or before we use it for a purpose other than which it was originally collected or subsequently authorized.  
To request to limit the use and disclosure of your personal information, please submit a written request to dpo@meetsnappy.com.
We are required to disclose Personal Information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

Our accountability for personal data that we receive in the United States under the Privacy Shield and subsequently transfers to a third party is described in the Privacy Shield Principles. In particular, we remain responsible and liable under the Privacy Shield Principles if third-party agents that we engage to process the personal data on our behalf do so in a manner inconsistent with the Principles, unless we prove that we are not responsible for the event giving rise to the damage.In compliance with the EU-US Privacy Shield Principles, we commit to resolve complaints about your privacy and our collection or use of your Personal Information. European Union individuals with inquiries or complaints regarding our Privacy Shield policy should first contact us at dpo@meetsnappy.com or by mail at the address below.
Snappy App, Inc. has further committed to refer unresolved privacy complaints under the Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU PRIVACY SHIELD.

If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit http://www.bbb.org/EU-privacy-shield/for-eu-consumers for more information and to file a complaint. This service is provided free of charge to you. If your Privacy Shield complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See Privacy Shield Annex 1 at https://www.privacyshield.gov/article?id=ANNEX-I-introduction

OUR POLICY TOWARD CHILDREN
We understand the importance of protecting children’s privacy, especially in an online environment. Our Services are not designed for or directed at children under the age of 16 years old (“Minors”). We do not knowingly collect Personal Data from Minors. If a parent or guardian becomes aware that his or her child has provided us with Personal Data, he or she should contact us using the details provided above.

HOW TO CONTACT US?

If you wish to exercise any of the aforementioned rights, or receive more information, please contact our Data Protection Officer (“DPO”) using the details below:
Email: dpo@meetsnappy.com
Mailing address:
Snappy Gifts
125 5th ave, FL5New York, 10003
NY
United States

UPDATES TO THIS POLICY
This Privacy Policy is subject to changes from time to time, in our sole discretion. The most current version will always be posted on our Services (as reflected in the "Last Updated" heading). You are advised to check for updates regularly. By continuing to access or use our Services after any revisions become effective, you agree to be bound by the updated Privacy Policy.


© 2019 by Snappy App, Inc.