Privacy Policy for Compass Users

General Terms And Conditions Between BeMyEye And An Eye - Version Of 12 November 2020

This Privacy Policy is intended to describe why and how BeMyEye Holdings Ltd, and its subsidiaries (collectively “BeMyEye”), as Data Controller (“BME”, “Company” or “Data Controller”), collects and processes the personal data relating to the user (“User”) who interacts with the mobile application named “Compass”. The usage of Compass and the other services provided by BME are here collectively defined “Services”.

 

Compass is a proprietary mobile application and back-end technology, owned by BME, that allows professional field reps to conduct store-checks, collect data efficiently from points of sales and learn what needs to be fixed at each monitored store. Compass Users are usually employees or collaborators of a company (“Client”) that purchased the Services from BME.

 

The information contained in this Privacy Policy is provided pursuant to art. 13 of the EU Regulation of 27 April 2016 n. 679 (“Regulations”), under the applicable provisions of the law, for the protection of personal data as per the Guidelines set out by the European authorities.

The information related to the processing of data concerns only the User activity on Compass and does not extend to the processing operations performed by third parties of other sites the User may visit via links. With respect to these further processing operations, the Company assumes no responsibility and the User must refer to the individual Privacy Policy of third-party websites.

1. Owner and place of processing

The data controller is BeMyEye Holdings Ltd, with its registered office at 6-8 Tokenhouse Yard, London EC2R 7AS, United Kingdom and with its individual subsidiaries located in the territories of the European Union and of the Russian Federation.

In the case of transfer of data to countries that do not uphold a standard of protection equivalent to that of European Union, the Company undertakes to adopt the necessary measures for this transfer.

2. Responsible for the protection of personal data (Data Protection Officer)

The Data Protection Officer (“Data Protection Officer” or “DPO”), designated in accordance with the provisions of the Regulations, can be contacted at the following address: DPO@bemyeye.com.

3. Methods of data processing

The Company processes User’s data by adopting all appropriate security measures to prevent unauthorized access and the disclosure, modification or destruction of unauthorized data. The processing is carried out with both manual and computerized tools and is strictly limited to the purposes indicated.

4. Purposes of data processing

The Company, through Compass, processes the User’s data for the following purposes:

  • manage the User registration in Compass and its usage;
  • inform the User about actions that shall be taken via Compass or that were taken already;
  • provide support to the User;
  • perform aggregated and individual statistical analysis on store-check data collected via Compass;
  • perform aggregated and individual statistical analysis on the usage of Compass;
  • comply with all legal obligations and, if the case may be, with contractual obligations between the Client and BME;

inform the User about new features.

5. Categories of data processed

The Company acquires and processes the following information:

  • name and surname;
  • email address;
  • GPS location during store-checks;
  • number of steps during store checks;
  • distance walked during store-checks;
  • data and pictures of store-checks voluntarily input by the User via the Compass app;
  • usage data of the Compass app.

6. Communication of data to third parties

The data provided by the User as well as those collected by Compass may be communicated for the purposes and methods described in this Privacy Policy, to the following third parties:

  • the Client;
  • companies of the BME Group, for administrative-accounting purposes, for the pursuit of the legitimate interests of the Company and/or third parties, and for purposes of execution of the Services expressly requested by the User;
  • companies, collaborators, consultants or freelancers used by the Company to perform technical or organizational tasks (such as IT service providers), or with which the Company collaborates (including other BME companies), for the purpose of providing its services or carrying out communication activities;
  • persons, companies or professional firms that provide assistance and advice to the Company, with particular but not exclusive reference to accounting, administrative, legal, tax and financial matters;
  • subjects whose right to access data is recognized by legal provisions or by authorities’ orders.

The subjects belonging to the above categories will use the data as independent data controllers in accordance with the law or data processors duly appointed by the Company.

These subjects may be established in EU and non-EU countries. In particular, if said subjects are established in non-EU countries, the Company adopts the measures outlined by the Regulations to legitimize the transfer of personal data to them, and specifically in the United States by virtue of the accession of suppliers to the program Privacy Shield.

7. Data retention

The User may exercise where applicable, in the cases expressly set out by law, the rights outlined by the Regulations. In particular, the User has the right to:

  • request confirmation that the Data is being processed and, in this case, ask the Data Controller to access the information related to the processing;
  • request the correction of inaccurate or incomplete Data;
  • ask the Data Controller to delete the Data;
  • request the limitation of processing;
  • request to receive, in readable format, the data concerning him/her or to directly transmit the data to another holder, where technically feasible (“data portability”).

The User also has the right to object, in whole or in part, for legitimate reasons, to the processing of personal data concerning him or her.

These rights can be exercised directly by sending a request to the following email address: privacy.users@bemyeye.com.

Finally, if the user believes that the processing of their data violates the legislation on the protection of personal data, they have the right to lodge a complaint with the Authority for the protection of personal data.

8. Rights of the User and contacts

The User may exercise where applicable, in the cases expressly set out by law, the rights outlined by the Regulations. In particular, the User has the right to:

  • request confirmation that the Data is being processed and, in this case, ask the Data Controller to access the information related to the processing;
  • request the correction of inaccurate or incomplete Data;
  • ask the Data Controller to delete the Data;
  • request the limitation of processing;
  • request to receive, in readable format, the data concerning him/her or to directly transmit the data to another holder, where technically feasible (“data portability”).

The User also has the right to object, in whole or in part, for legitimate reasons, to the processing of personal data concerning him or her.

These rights can be exercised directly by sending a request to the following email address: privacy.users@bemyeye.com.

Finally, if the user believes that the processing of their data violates the legislation on the protection of personal data, they have the right to lodge a complaint with the Authority for the protection of personal data.

10. Changes to the Privacy Policy

The Company reserves the right to make changes to this Privacy Policy at any time, by giving notice of it by publishing it on its website https://www.bemyeye.com.

If the changes are particularly significant and / or impact the User’s rights, the Company may communicate them to the User through a different method (for example by sending an email).

Want To Learn More About Our Features?

Click there to check them out: