Last Updated: 25/9/2019
Here are general clarifying statements briefly outlining App Toro´s attitude towards data collection:
- If you are using the App without making purchases, you are an anonymous user to us and we collect only technical information necessary for running and improving the app (iOS version, device model, app usage, crash reports, device location) – some of this data has been requalified as personal data as well.
- When you are purchasing services, you are required to fill in personal data such as phone number for Call Recording service or email for Transcription Service. This data is required so that we can deliver the service to you and to fulfill legal obligations (invoices).
- We don´t share any information concerning you or your device with any 3rd parties unless it is necessary for running the App or Website, delivering services, our own marketing activities or fulfilling legal obligations.
- Technical 3rd parties are f.e. Apple (app), Amazon (servers).
- Legal 3rd parties are f.e. accounting company processing invoices for services that contain your email or billing information.
- We don´t have an access to recordings on your device, unless you decide to use a service or feature that requires them to be uploaded to our servers (Transcription, Call Recording, Public Sharing).
- All your recordings are your intellectual property and we don´t have any rights or responsibilities in relation to that property.
- Under recent legislation concerning data privacy (General Data Protection Regulation), many types of data have been designated as personal data to catch up with the nature of digital age. The personal data means any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name and surname, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. When Customer installs or downloads the App or uploads a recording and purchases Transcription, Provider may collect variety of non-personal data of technical nature (version of the operating system, device model, number of recordings, etc.). This data allows Provider f.e. to improve the App´s performance and resolve potential technical issues. Provider may collect also other kinds of data that are considered as Personal Data f.e.: contact information (e-mail address, billing information, phone number), device information (unique device identifier, iOS identifier), location (device´s city location) (hereinafter collectively as “Personal Data”), etc. These are used primarily for delivery of Services purchased via the App and optimization of Provider´s marketing activities.
- Provider uses the Personal Data (i) to provide the Application Services, (ii) to maintain and/or (iii) to develop the Application Services. In cases prescribed by law, Provider requires for processing the Personal Data Customer’s consent.
- The Personal Data are proceeded both in an automated and a manual way and are stored for 10 years.
- Customer hereby further agrees not to use the Application Services to send sensitive data about him or third person where unauthorized disclosure could cause material or immaterial damage, severe harm or impact to Provider, any data subjects and/or thirds parties. Sensitive data includes, but is not limited to: health data, genetic data, biometric data, data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, data concerning sexual orientation. Customer hereby further agrees to not use Services for personally identifiable information knowingly collected from children under the age of 13 of from online services designated for children.
- The App and the Website is not designated for children. By downloading or installing the App, or uploading a recording and purchasing Transcription, Customer declares that he is older than 13 years old and is solely responsible for any damage or loss that Provider may suffer because of his untruthful declaration.
- Access to the Personal Data. Customer has the right to obtain from Provider confirmation as to whether or not the Personal Data concerning him are being processed, and where that is the case, access to the Personal Data and the following information: the purposes of the processing, the categories of the Personal Data concerned the recipient to whom Personal Data has been or will be disclosed; the envisage period for which the Personal Data will be stored (if not possible the criteria used to determine that period), the existence of automated decision-making, including profiling, and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the Personal Data subject.
Customer has the right to request from Provider rectification or erasure of the Personal Data (right to be forgotten) or restriction of processing of the Personal Data concerning Customer or to object to such processing. Customer has also the right to lodge a complaint with supervisory authority (in European Union) and the right to the Personal Data portability.
Right to rectification. Customer shall have the right to obtain from Provider without undue delay the rectification of inaccurate the Personal Data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete Personal Data completed, including by means of providing a supplementary statement.
Right to be forgotten. Customer shall have the right to obtain from the Provider the erasure of the Personal Data concerning him without undue delay and Provider shall have the obligation to erase the Personal Data without undue delay where one of the following grounds applies: (i) the Personal Data are no longer necessary in relation to the purposes for which they were collected or otherwise processed, (ii) the Personal Data have been unlawfully processed, (iii) the Personal Data have to be erased for compliance with a legal obligation in the European Union or Member State law to which Provider is subject, (iv) Customer withdraws consent on which the processing is based and there is no other legal ground for the processing, and/or (v) Customer objects to the processing and there are no overriding legitimate grounds for the processing. . Provider will not erase the Personal Data, if the processing of the Personal Data is necessary for (i) the exercising the right of freedom of expression and information, (ii) the compliance with a legal obligation which requires processing by the European Union or Member State law to which Provider is subject, (iii) the performance of a task carried out in the public interest or in the exercise of official authority vested in Provider, (iv) the reasons of public interest in the area of public health, (v) the archiving purposes in the public interest, scientific or historical research purposes or statistical purpose in so far as the right to be forgotten is likely to render impossible or seriously impair the achievement of the objectives of that processing, or (vi) the establishment, exercise or defense of legal claims.
Right to the Personal Data portability. Customer shall have the right to receive the Personal Data concerning him, and which Customer has provided to Provider, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from Provider to which the Personal Data have been provided. In exercising Customer’s right to the Personal Data portability, Customer shall have the right to have the Personal Data transmitted directly from one controller to another, where technically feasible.