(Last Edited 2023.01.15)
We respect and protect your privacy and undertake to Process your Personal Data in a fair and lawful manner. We implement appropriate technical and organisational measures to safeguard Personal Data from unauthorized access, unlawful disclosure, accidental loss, modification, destruction or any other unlawful Processing.
App – as described in the BoomioApp terms and conditions (“Terms”).
Data Processor – a person or an entity who Processes Personal Data on behalf of the Data Controller.
GDPR – Regulation (EU) 2016/679 (General Data Protection Regulation).
Personal Data – any information that, directly or indirectly, can identify a living natural person.
Processing – any operation or set of operations performed with regard to Personal Data, whether or not performed by automated means, for example collection, recording, organisation, storage, adaptation, alteration, retrieval, gathering, use, combination, erasure or destruction.
Recipient – a natural or legal person, public authority or another body, to whom Personal Data may be lawfully disclosed by the Company.
We currently collect and Process the following information:
- Identification & contact data, such as name (user name), password, age, email address. This information is provided by you when you create an account in the App. Some identification & contact data may be provided to us by third parties, when you access the App through other service providers (e.g., your Apple ID);
- Account data, such as your profile image, gender, location, phone number, participation in Games, purchases, interests. Such data are provided by you while using the App;
- Wallet data, such as amount of Boomio tokens, use of Boomio tokens. Such data are provided by you while using the App;
- Communication data, related to communication between you and the Company within the App, via email or by other means;
- Technical data, such as IP address, Mobile Device information, log information (date and time of visit, time spent on the App, features used, etc.). Such data are provided by you/your Mobile Device and are collected automatically.
We only collect and process Personal Data about you where we have legal grounds. Legal grounds include consent (where you have given consent), contract (where processing is necessary for the performance of the Terms), legal obligations applicable to us and our legitimate interests.
The main purpose of Processing the Personal Data is to perform the Terms. Examples of purposes for such Processing include:
- to authorize, provide, control and administer access to the App and the Services within the App;
- to manage our relationships with you.
The Company needs to comply with legal obligations. Therefore, we are required to Process Personal Data in accordance with applicable laws. Examples of purposes for such Processing are:
- to comply with rules and regulations relating to accounting, legal investigations, etc.;
- to fulfil the obligations of applicable litigation laws.
The Company Processes Personal Data for our legitimate interests. This Processing is necessary for the purposes of a legitimate interest pursued by the Company, which we have considered outweighing the Data Subject’s interest of protection of the Personal Data. Examples of purposes for such Processing are:
- to develop, examine and improve the App and/or the Services and/or the Data Subject’s user experience by performing analyses, statistics, etc.;
- to prevent or investigate possible fraud or other violations of the Terms and/or attempts to harm other App users;
- to reply to the Data Subject’s requests;
- to establish and defend legal claims.
Some of the data may be Processed based on the Data Subject’s consent. Where we rely on your consent to process Personal Data, you have the right to withdraw or decline your consent at any time.
The Company may share some Personal Data with Recipients, such as competent authorities. The Company does not disclose more Personal Data than necessary for the purpose of disclosure. Recipients may Process the Personal Data acting as Data Processors and/or as Data Controllers. When Recipient is Processing Personal Data on its own behalf as a Data Controller, the Recipient is responsible for providing information on such Processing of Personal Data to the Data Subject.
The Company may disclose Personal Data to Recipients, such as:
- Service providers, who organize Games within the App or provide Services;
- Data Processors invoked by the Company for development and/or maintenance of the App and/or the Services;
- Competent authorities, such as tax authorities and law enforcement agencies;
- Financial and legal consultants, auditors, other service providers and affiliates of the Company, to whom disclosing of the Personal Data is necessary and lawful
As a general rule Data Subject’s Personal Data are Processed within the EU/EEA. The transfer and Processing of Personal Data outside of the EU/EEA could only take place if there is a legal basis and appropriate safeguards.
We keep Personal Data for a limited time period and in any event no longer than necessary for the purposes for which the Personal Data were collected. The retention periods are defined by the laws or legitimate interests of the Company. After the retention period comes to an end the Company will then delete the Personal Data.
Under GDPR, you have the following rights:
Your right of access – you have the right to ask us for copies of your personal information.
Your right to rectification – you have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
Your right to erasure – you have the right to ask us to erase your personal information in certain circumstances.
Your right to restriction of Processing – you have the right to ask us to restrict the Processing of your information in certain circumstances.
Your right to object to Processing – you have the right to object to the Processing of your information in certain circumstances.
Your right to data portability – you have the right to ask that we transfer the information you gave us to another organisation, or to you, in certain circumstances.
If you make a request, we have one month to respond to you.
Please contact us at firstname.lastname@example.org if you wish to make a request.
You can also complain to the Lithuanian State Data Protection Inspectorate (website address: www.vdai.lrv.lt) if you are unhappy with how we have used your Personal Data.
UAB “ALADIN INNOVATION”
Kauno str. 16, Vilnius