Privacy Policy for Compass Users
General Terms And Conditions Between BeMyEye And An Eye - Version of 21 January 2021
This Privacy Policy is intended to describe why and how BeMyEye Holdings Ltd or its subsidiaries (“BeMyEye”), as Data Controller (“BME”, “Company” or “Data Controller”), collects and processes the personal data relating to the user (“User”) who interacts with the mobile application named “Compass”. The usage of Compass and the other services provided by BME are here collectively defined “Services”.
Compass is a proprietary mobile application and back-end technology, owned by BME, that allows professional field reps to conduct store-checks, collect data efficiently from points of sales and learn what needs to be fixed at each monitored store. Compass Users are usually employees or collaborators of a company (“Client”) that purchased the Services from BME. The Users are authorized by the Client to access and to use Compass and the Client has informed the Users in relation to the Compass’s purposes for the Client’s goals.
The information contained in this Privacy Policy is provided pursuant to art. 13 of the EU Regulation of 27 April 2016 n. 679 (“Regulations”), under the applicable provisions of the law, for the protection of personal data as per the Guidelines set out by the European authorities.
The information related to the processing of data concerns only the User activity on Compass and does not extend to the processing operations performed by third parties of other sites the User may visit via links. With respect to these further processing operations, the Company assumes no responsibility and the User must refer to the individual Privacy Policy of third-party websites.
1. Owner and place of processing
The data controller is the BeMyEye company with which the Client has signed the agreement regulating the provision of the Services. You shall find the list of the relevant company in order to identify the relevant data controller in the following paragraph 10. Personal data collected and processed by the Data Controller through Compass will be stored and retained in our server in Ireland.
2. Responsible for the protection of personal data (Data Protection Officer)
The Data Protection Officer (“Data Protection Officer” or “DPO”), designated in accordance with the provisions of the Regulations, can be contacted at the following address: DPO@bemyeye.com.
3. Methods of data processing
The Company processes User’s data by adopting all appropriate security measures to prevent unauthorized access and the disclosure, modification or destruction of unauthorized data. The processing is carried out with both manual and computerized tools and is strictly limited to the purposes indicated.
4. Purposes and legal basis of data processing
The Company, through Compass, processes the User’s data for the following purposes:
- Manage the User registration in Compass and its usage, manage the information provided by the User or collected by the app in order to execute the services required by the Client, included the geolocalization information necessary to correctly individuate the stores under the services.
- Inform the User about actions that shall be taken via Compass or that were taken already and provide support to the User as well as inform the User about new features.
The legal basis of these data processing is the execution of service required by the Client and, in particular, the need to allow Users to use Compass.
- Perform aggregated and individual statistical analysis on store-check data collected via Compass as well as on the usage of Compass. The legal basis of the data processing is the legitimate interest of the Company to maintain and develop its technologies.
- Comply with all legal obligations to which the Company is subject, that are also the legal basis for the relevant data processing.
5. Categories of data processed
The Company acquires and processes the following information:
- name and surname;
- email address;
- GPS location during store-checks;
- usage data of the Compass app.
The above mentioned information are necessary to perform Compass functionalities and to carry out the services required by the Client. Lacking the personal data processed, it will be not possible to ensure the operation of Compass itself.
6. Communication of data to third parties
The data provided by the User as well as those collected by Compass may be communicated for the purposes and methods described in this Privacy Policy, to the following third parties:
- the Client;
- companies of the BME Group, for administrative-accounting purposes, for the pursuit of the legitimate interests of the Company and/or third parties, and for purposes of execution of the services expressly requested by the User;
- companies, collaborators, consultants or freelancers used by the Company to perform technical or organizational tasks (such as IT service providers), or with which the Company collaborates (including other BME companies), for the purpose of providing its services or carrying out communication activities;
- persons, companies or professional firms that provide assistance and advice to the Company, with particular but not exclusive reference to accounting, administrative, legal, tax and financial matters;
- subjects whose right to access data is recognized by legal provisions or by authorities’ orders.
The subjects belonging to the above categories will use the data as independent data controllers in accordance with the law or data processors duly appointed by the Company.
These subjects may be established in EU and non-EU countries. In particular, if said subjects are established in non-EU countries, the Company adopts the measures outlined by the Regulations to legitimize the transfer of personal data to them.
7. Data retention
The data is processed only for the time necessary to carry out the activities indicated in paragraph 4 above.
In particular, the Company will delete the personal data of the User who has requested it be deleted by writing to privacy.users@bemyeye.com, unless the persona data shall be necessary to defend or protect rights or interest of the Company or third parties. In the absence, the Company shall delete the data of Users after 24 months of inactivity. The information collected shall be used by the Company in anonymous way to improve the app functions, the relevant methodologies and to develop its maintenance.
8. Rights of the User and contacts
The User may exercise where applicable, in the cases expressly set out by law, the rights outlined by the Regulations. In particular, the User has the right to:
- request confirmation that the Data is being processed and, in this case, ask the Data Controller to access the information related to the processing;
- request the correction of inaccurate or incomplete Data;
- ask the Data Controller to delete the Data;
- request the limitation of processing;
- request to receive, in readable format, the data concerning him/her or to directly transmit the data to another holder, where technically feasible (“data portability”).
The User also has the right to object, in whole or in part, for legitimate reasons, to the processing of personal data concerning him or her.
These rights can be exercised directly by sending a request to the following email address: privacy.users@bemyeye.com.
Finally, if the user believes that the processing of their data violates the legislation on the protection of personal data, they have the right to lodge a complaint with the Authority for the protection of personal data.
9. Who is the Data Controller?
As anticipated in previous paragraph 1, the data controller is the BeMyEye company with which the Client has signed, from time to time, the agreement regulating the provision of the Services.
Please see the list below of our BeMyEye Companies in order to identify your data controller. For any details, please feel free to contact us by writing to privacy.users@bemyeye.com and we will be happy to provide you with all clarifications needed.
# | Legal entity | Registered Address |
1 | BeMyEye Holdings Ltd | c/o GOP, 6-8 Tokenhouse Yard, London EC2R 7AS, United Kingdom |
2 | BeMyEye UK Ltd (100% owned by #1) | c/o GOP, 6-8 Tokenhouse Yard, London EC2R 7AS, United Kingdom |
3 | BeMyEye Italy Srl (100% owned by #1) | c/o BTA, Via Matteo Bandello 15, 20123 Milano, Italy |
4 | BeMyEye France Sas (100% owned by #1) | 198 bis, Rue La Fayette, 75010 Paris, France |
5 | BeMyEye Spain SL (100% owned by #1) | c/o B&Z, Av. del Brasil 17, 28020 Madrid, Spain |
6 | BeMyEye DE GmbH (100% owned by #1) | c/o Metzner & Partner mbB, Hans-Thoma-Straße 24, 60596 Frankfurt am Main, Germany |
7 | Streetbee Holding LLC (100% owned by #1) | 120, k 23, p I, et 1, ul.Seleznevskaya, 11A, str 2, 127473, Moscow, Russia
|
8 | Streetbee Hive LLC (100% owned by #7) | Premises 1448 РМ 2, 4th floor, Bolshoi bulvar, 42, bld. 1, the Skolkovo Innovation Center, 121205, Moscow, Russia |
10. Changes to the Privacy Policy
The Company reserves the right to make changes to this Privacy Policy at any time, by giving notice of it by publishing it on its website https://www.bemyeye.com.
If the changes are particularly significant and / or impact the User’s rights, the Company may communicate them to the User through a different method (for example by sending an email).
