Last updated: August 27th, 2019
Your privacy is very important to us.
Please read this document carefully.
The key points are:
The only personally identifiable information we store can be your email, if you choose to create an optional account with us, and the possible feedback you send us.
We collect anonymous information about how you use the Service.
We do not sell this data to third-parties.
We receive location information from you only to show you better map recommendations on the Home page. We do not store this information.
applies to the Hikepack mobile application and the website https://www.hikepack.earth (the "Service"), operated by Alexandru Tomescu and Alexandru Tudor ("us", "we", or "our").
and it also acts as a communication from us to our data subjects (hereinafter our data subjects may also be referred to as “you”)
through which we inform the data subjects of the ways we process their personal data.
Name: Alexandru Tomescu
Address: Metsäpurontie 23 A, 00630, Helsinki, Finland
Name: Alexandru Tudor
Address: Eroilor 40, Draganesti-Olt, Olt, Romania
2) PERSON IN CHARGE OF DATA FILES
Name: Alexandru Tomescu
Contact details: +358401973264, email@example.com
Name: Alexandru Tudor
Contact details: +447407068849, firstname.lastname@example.org
3) CATEGORIES OF DATA SUBJECTS
4) CATEGORIES OF PERSONAL DATA
The data files concerning the data subjects of Section 3) may contain the following categories of personal data:
data about your device, such as information about the device you use, the type of your device, your IP-address and various diagnostic data such as available disk storage space, screen size, and resolution, language and region (as set in your device’s settings).
possible other information gathered with the data subject’s consent, such as feedback sent through the mobile application.
More detailed information about all the data we collect and how we collect it:
Each time you install the mobile application, the application automatically generates an account for you, based on a unique “application number” (or “user ID”) and password that are passed along in all communications with our server. Logs about each such communication event are stored on our server. These user IDs help protect our server from unauthorized use and allow us to diagnose, fix and improve the Service. If you create an account with the Service using your E-mail, then the E-mail will also be associated to your user ID, and also used together with it all communications with our server. If you are logged into iCloud on your iOS device, then your user ID is is provided by Apple. This does not personally identify you. This user ID will be your application number on all your iOS devices where you are logged in with the same iCloud credentials.
If you log in via E-mail, then we will associate your E-mail to your account. Note that we do not require you to choose a password for your account. Each authentication is done by (1) us sending an authentication link to your E-mail address, and (2) you clicking on that authentication link. Other information we collect include: information about the in-app purchases (Pro Pass) you make through the App Store relative to mobile application (for example: purchase date, product identifier, price, and other information available in an App Store receipt, but not payment or financial information), the list of maps you currently have downloaded on your device, feedback you send through the Service, certain preferences and settings you make with respect to the Service, your IP address.
If you allow the mobile application to access your current location, then we will use that to give you better map recommendations on the Home page, but we will not store it nor associate it to your account. When the Service shows your location on a map, or displays your geographics coordinates, that location information does not leave your device and we do not collect in any manner.
To diagnose, remedy problems, and improve the quality of the Service, we also collect anonymous information about how you use the Service (unlinked to user ID or E-mail), for example, which features of the Service you activate and use, session duration, operating system, device model and information about errors and crashes. We currently use the following third-party services which collect data:
5) PURPOSE OF THE PROCESSING OF PERSONAL DATA
We process the personal data of the data subjects of Section 3) for the following purposes:
Management and development of the customer relationship.
For improving our Service.
To enable us to comply with our legal and regulatory obligations.
Analysis and statistics.
To ensure the basic functioning of the Service. For example, your in-app purchases are needed so that we can activate the Pro Pass subscriptions
To provide you a mechanism to synchronize your purchases on all your devices, in case you are not logged in into iCloud.
To provide, update, maintain and protect our Service and to ensure that the Terms and Conditions are not breached. For example, to prevent or address service errors, security or technical issues, analyze and monitor usage, trends and other activities, or at a user’s request.
For billing, account management and other administrative matters.
To send emails and other communications. We may send you service, technical and other administrative emails, messages and other types of communications. We may also contact you to inform you about changes in our Service, our Service offerings, and important Service-related notices, such as security and fraud notices. These communications are considered part of the Service and you may not opt out of them. In addition, we sometimes send emails about new product features, promotional communications or other news about our Service. These are marketing messages so you can control whether you receive them.
6) LEGAL BASIS FOR PROCESSING
The controller has the right to process the personal data of the data subjects based on the:
consent received from the data subjects;
legal obligation to which the controller is subject.
7) REGULAR SOURCES OF INFORMATION
Information regarding the data subjects are regularly gathered:
from data subjects themselves via phone, internet, e-mail, the mobile application or in other similar fashion; and
with cookies and other similar technology.
8) PERIOD FOR WHICH THE PERSONAL DATA WILL BE STORED
8.1) We shall retain the data of the data subjects of Section 3) for a period of:
in the case of the e-mail address, for as long as the data subject has an account with us.
in the case of all other information, for as long as necessary, up to a limit of 10 years.
8.2) The controller inspects the necessity of the personal data stored every 12 months.
9) CATEGORIES OF RECIPIENTS OF PERSONAL DATA
The recipients of personal data may consist of the following categories:
our affiliate companies;
parties who offer cloud services for data storage;
parties who offer accounting and auditing services; and
parties who help us to fulfill our legal obligations.
10) REGULAR DISCLOSURE OF DATA AND INFORMATION TRANSFER OUTSIDE OF EU OR THE EUROPEAN ECONOMIC AREA
The personal data is stored on a server inside the European Union, owned by ROMARG SRL Romania, Reg. Com. J14/900/1994, CF. RO 652 9540
11) DATA SUBJECTS’ RIGHTS
The data subject has a right to use all of the below mentioned rights.
Right to inspect
The contacts concerning the rights shall be submitted to the person in charge of the data file stated in Section 2. The rights of the data subject can be put into action only when the data subject has been satisfactorily identified.
Having presented the adequate and necessary information, the data subject has the right to know what, if any, data the controller has stored of her/him into this register. While providing the requested information to the data subject, the controller must also inform the data subject of the register’s regular sources of information, to what are the personal data used for and where is it regularly disclosed to.
Right to rectify and erasure
The data subject has a right to request the controller to rectify the inaccurate and incomplete personal data concerning the data subject.
The data subject can request the controller to erase the personal data concerning the data subject, if:
the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
the data subject withdraws consent on which the processing is based on;
the personal data have been unlawfully processed; or
the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject.
Let it be known that the data subjects’ rights to rectify and erase data does not concern the data which the controller must retain due to its legal obligations.
If the controller does not accept the data subject’s request to rectify or erase the personal data, it must give a decision of the matter to the data subject in a written form. The decision must include the reasons for which the request was not granted. The data subject may refer the matter to the relevant authorities (the Data Protection Ombudsman in Finland).
The controller must inform the party to whom the controller has disclosed the personal data to or has received the personal data from of the rectification or erasure of personal data. However, there is no such obligation where the fulfilment of the obligation would be practically impossible or otherwise unreasonable.
Right to restriction of processing
The data subject can request the controller to restrict the processing of the personal data concerning the data subject where one of the following applies:
the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;
the processing is unlawful, and the data subject opposes the erasure of the personal data and requests the restriction of their use instead; or
the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defense of legal claims.
If the controller has based the restriction of the processing of personal data on the abovementioned criteria, the controller shall give a notification for the data subject before removing the restriction.
Right to object
Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning her/him for such marketing, which includes profiling to the extent that it is related to such direct marketing.
Right to data portability
The data subject shall have the right to receive the personal data concerning her/him, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where the processing is based on consent.
Right to withdraw consent
Where the legal basis for the processing of personal data is the consent of the data subject, the data subject shall have the right to withdraw her/his consent.
12) RIGHT TO LODGE A COMPLAINT WITH A SUPERVISORY AUTHORITY
Data subject shall have the right to lodge a complaint with a supervisory authority, if the data subject considers that the processing of personal data relating to him or her infringes the GDPR. The complaint can be lodged in the Member State of her/his habitual residence, place of work or place of the alleged infringement.
Cookies are small text files that a website stores on your device when you browse that website. Cookies store data of your website use.
Cookies are not used for identifying a person.
You can control and/or remove cookies freely at the individual browser level. Instructions can be found for example in here: aboutcookies.org
In order to improve our service, we gather, measure and analyze data concerning your use of the service including (but not limited to) activity, page views, unique visitors and bounce rate. We may also use trusted third-party services that track this information on our behalf (e.g. Google Analytics).
Information from cookies is not combined with information about you from any other source. None of the cookies or technologies that we use will personally identify you.
14) DATA PROTECTION PRINCIPLES
We use all reasonable efforts to maintain physical, electronic, and administrative safeguards to protect personal information from unauthorized or inappropriate access, but we note that the Internet is not always a secure medium. We restrict access to information about data subjects only to us, our employees or our contractors that need to know the information e.g. for responding to inquiries or requests made by the data subjects.
15) DISCLOSURE OF YOUR INFORMATION
We may disclose your personal information to third parties, only in the following cases:
In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets.
If the Service or substantially all of its assets are acquired by a third party, in which case personal data held by us will be one of the transferred assets.
If we are under a duty to disclose or share your personal data in order to comply with any legal or regulatory obligation or request, or a court order or other unlawful demand who may be a partner working on our behalf or providing goods or services that may be of interest to you, or to offer you special promotions or offers.
To subcontractors or suppliers who may supply services to us.
In order to enforce or apply the Terms and Conditions, and other agreements or to investigate potential breaches, or protect the rights, property or safety of our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection.
16) LINKS TO OTHER WEBSITES AND SERVICES
The Service may contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites and any services that may be accessible through them have their own privacy policies and that we do not accept any responsibility or liability for these policies or for any personal data that may be collected through these websites or services, such as contact and location data. Please check these policies before you submit any personal data to these websites or use these services.