PRIVACY POLICY
INTRODUCTION
One of the core values of Dreamtter is security and efficiency – so we totally protect your data and we worship the ownership of our clients` personal data.
With this privacy policy we want to be fully transparent about data is processed while using our app Dreamtter. We want to create easy mechanisms to be informed about our processes in which your data is involved, to understand how to exercise your privacy rights and, where is possible, to manage your privacy choices.
We may update and amend this Policy periodically to reflect any changes in the way we process your personal data or any changes in legal requirements, so please check the contents of this document periodically.
OUR COMMITMENT
-
Dreamtter does not and will not sell personal information. We only use the information that you give us and the public information received from social media platform when you sign in with your social media account.
-
We have analyzed, classified, and defined our processes and the necessary security level for each process. Thus, we will use personal information for defined purposes.
-
We want that our platform to be used worldwide. So, we consider and want to comply every privacy and security law.
-
Security is one of the most important values of our platform, so we invest in cybersecurity to protect the information, to prevent attacks on our platform and to assess the risks and vulnerabilities that may occur.
-
When our process is based on your consent, we will take all necessary measures to handle the legal mechanism to exercise it according to your will.
WHO WE ARE
Dreamtter is the trade name of DREAMTTER S.R.L. (hereinafter "the Company"), a Romanian legal entity, with registered office in Cluj-Napoca, Aleea Valeriu Bologa, No. 3, Floor 2, Apartment 28, Cluj County, registered with ORCT Cluj under no. J12/2888/2023, with CUI 48440421, hereinafter referred to as Dreamtter or us.
For the purposes of personal data protection legislation we are a data controller when we process data directly from you, but also when we collect it from third parties.
YOUR PERSONAL DATA
We collect your personal data directly from you, unless you opt-in with your social media accounts, so you have control over the type of information provided to us. By way of example, we receive personal data in the following processes:
-
Creating an account: first name, last name, email, social media ID, if applicable;
-
When you insert your goals: type of goal, which might involve sensitive data such as health information, information about your appearance by inserting photos;
-
When you fill in how you meet your goals: how often and how you meet the goal;
-
Through the use of the app we may collect technical information such as: (e.g., device type, model, operating system), Location information (if applicable), User ID (if provided), First and last active timestamps, Device language, the details of the device you use, and information collected through analytical cookies.
This personal information we collect when you:
-
Download our app;
-
Sign up and create an account;
-
Create your vision board and objectives;
-
Use our product;
We collect public information from social media platforms through API. You can access the links below to check which personal data is transferred by these platforms:
-
For Facebook: https://www.facebook.com/policies?ref=pf;
-
For Google: https://policies.google.com/privacy?hl=en-US
-
For Apple: https://www.apple.com/legal/privacy/en-ww/
Legal basis for using personal data
-
Consent
-
If you agree to test our app when is in Beta phase;
-
When you download our app;
-
If you agree to sign in with social media platforms;
2. Contractual basis
-
After you signed in, we use your data in order to perform our contractual obligation that we assumed in our Terms and Conditions;
3. Legitimate interest
-
We want to provide the best experience so, we check technical issues that may arise while using the site.
-
To keep our services up and running including troubleshooting, data analysis, testing, research, statistical and survey purposes, and to make sure that content from our app is presented in the most effective way for you and your device;
-
To prepare anonymized statistical datasets but it will not be linked with your personal information;
-
There may be situations where we use or transmit information to protect our rights and business. These may include: measures to protect the website and users from cyber-attacks, measures to prevent and detect fraud attempts, including the transmission of information to the relevant authorities, measures to manage various risks.
HOW LONG DO WE KEEP YOUR DATA?
As a general rule, we will store you for as long as you have an account in our app. You may request the deletion of information or the closure of your account at any time and we will comply with such requests subject to the retention of certain information even after account closure where required by applicable law or our legitimate interests.
RIGHTS REGARDING PERSONAL DATA
The right to be informed
The right to rectification
The right to delete
The right to object
The right to portability
Your rights relating to decisions being made about you without human involvement
The right to restrict the use of personal data
Complaints
This privacy policy explains how we process personal data;
If you ask, we can give a copy of the personal data that we hold about you; by exception, we cannot give information if your data is linked to other people`s information.
We can hold incomplete or incorrect information and you ask for rectification. Before we update the information, we may need to check the accuracy of the information;
You can ask us to delete your personal data if:
-
you want to delete your account;
-
you gave us consent (permission) to use your personal data and you have now withdrawn that consent;
-
you have objected to us using your personal data;
-
we have used your personal data unlawfully;
You can object to processing when data is used:
-
for our legitimate interests;
-
for scientific or statistical purposes;
-
for direct marketing purposes.
This right is similar to your right of access but there are some differences. Specifically, the right only applies to data that:
-
is held electronically, and
-
you have provided to our site.
You can make a portability request at any time when the processing of your data:
-
relies on your consent to use your personal data, or
-
uses your data as part of a contract you have with us.
You have the right:
-
not to be subject to a decision that is based solely on automated processing if the decision affects your legal rights or other equally important matters;
-
to understand the reasons behind decisions made about you by automated processing and the possible consequences of the decisions, and
-
to object to profiling in certain situations, including for direct marketing.
You can ask to temporarily limit the use of your data when you are considering:
-
a challenge you have made to the accuracy of your data, or
-
an objection you have made to the use of your data.
You may also ask to limit the use of your data rather than delete it if:
-
we processed your data unlawfully but you do not want it deleted, or
-
we no longer need your data but you want us to keep it in order to create, exercise or defend legal claims.
B-dul G-ral. Gheorghe Magheru nr. 28-30, Sector 1, cod poștal 010336, București, Romania
E-mail:anspdcp@dataprotection.ro
To exercise your rights, you can contact us using the contact details above. Please note the following if you wish to exercise these rights:
-
Please send us your requests regarding such communications using the email address assigned to your Dreamtter account. Otherwise, we reserve the right to verify your identity by requesting additional information to confirm your identity.
-
We will not charge you a fee to exercise any right in relation to your personal data, unless your request for access to information is unfounded, i.e. repetitive or excessive, in which case we will charge a reasonable amount in such circumstances. We will inform you of any fees charged before we process your request.
-
We aim to respond to any valid requests within a maximum of one month, unless this is particularly complicated or if you have made multiple requests, in which case we will respond within a maximum of two months. We will let you know if we need more than one month.
DATA TRANSFERS TO OTHER PARTIES
Where appropriate, we may transmit or provide access to certain data to the following categories of recipients:
-
IT service providers;
-
public authorities - if necessary to protect a legitimate interest or if we have a legal obligation;
TRANSFERS OUTSIDE EUROPEAN ECONOMIC AREA (EEA)
All your data will be stored on our servers, in European Union. By exception, data will be able to be transferred to IT providers outside the EEA, in the US, but we will endeavour to ensure that this type of transfer is to a limited number of such providers.
We will always take steps to ensure that any international transfer of data is carefully managed in order to manage your rights and interests.
Transfers to service providers and other third parties will always be protected by contractual agreements and, where appropriate, other safeguards such as standard contractual clauses issued by the European Commission or certification schemes such as the EU-U.S. Data Privacy Framework
We will take all reasonable steps to make sure that your personal data is handled securely and in line with this privacy policy and data protection laws.
If you would like more information, please contact us by sending an email to support@dreamtter.com.
SECURITY OF THE PERSONAL DATA
As we said before, we price security, integrity, availability of the personal data. We use a variety of physical and technical measures to keep the personal data safe and prevent data breaches. Electronic data and databases are stored on secure computer systems with control over access to information using both physical and electronic means. Our staff receives data protection and information security training. We have detailed security and data protection policies which staff are required to follow when they handle your personal data.
We conducted risk assessments and security analyses prior to the start of development to identify potential threats and security needs.
Throughout the development of the application, we will conduct security reviews and tests to detect and remediate security issues prior to release.
We will use TLS (Transport Layer Security) to encrypt data transmitted between the application and the server. This ensures that data is protected against interception during transfer.
We will encrypt the data stored in our database. Encryption keys will be managed through a centralised key management system ensuring that they are only accessible to authorised personnel.
We will use checksums and hashes to verify data integrity. This allows us to detect unauthorized changes or data corruption.
We will limit access to databases and data storage systems by ensuring that only authorized personnel can modify data.
API: We will ensure that all API entries are properly validated to prevent injection attacks. We will use TLS to encrypt data transmitted through APIs. We will implement a system to monitor API activity to detect and respond quickly to suspicious or potentially malicious activity. When you use our services, which includes our social network accounts, we advise not to share any personal data that you don't want to be seen, collected or used because this information will become publicly available.
Despite the measures taken to protect your data, please note that the transmission of information over the Internet is not completely secure and there is a risk that data may be seen by unauthorized third parties. We cannot be responsible for such vulnerabilities of systems that are not in our control.
This policy is effective from 17th January 2024.