What data do we collect and why
When you use our services, we may collect the following data:
|Data Category||Collection Means||Purpose of collection and processing||Legal basis for collection and processing (GDPR)|
|Device information (hardware model; device type; unique device identifiers; operating system information; IP address, platform, etc.)||Collected automatically||This includes enabling you to use the Services in a seamless manner and preventing or addressing Services errors or technical issues.||Art. 6.1 (f) - we have a legitimate interest|
|Your name and e-mail||You provide it to us||To manage your account and provide you with customer support.||Art. 6.1 (f) - we have a legitimate interest|
|Your e-mail (EU users)||You provide it to us||To send you information about our updates, special offers, and promotions.||Art. 6.1 (a) - you give your consent|
|Your e-mail (non-EU users)||You provide it to us||To send you information about our updates, special offers, and promotions.||Art. 6.1 (f) - we have a legitimate interest|
|Your age and gender||You provide it to us||To customize your experience by adjusting the content of the Services and providing content tailored to your personal preferences.||Art. 6.1 (f) - we have a legitimate interest|
|Skin goals, skin issues, habits, behaviors, physical characteristics, including photos of your face||You provide it to us||To customize your experience by adjusting the content of the Services and providing content tailored to your personal preferences.||Art. 6.1 (a) - you give your consent|
Please note that photos of your face (further will be referenced as “Face Data”) made with the pora application are stored on your device. We delete them from all our systems upon completion of the visual analysis.
2.1. Collection and Use of Face Data. We collect photos of your face to personalize your skincare programs based on the visual analysis of your facial skin conditions, such as pimples, wrinkles, pigmentation, and others. The collection is executed every time you’re using the in-app camera that helps you capture high-quality photos. The application always explicitly asks you to take photos with the in-app camera. We do not take any photos without you launching the in-app camera.
2.2. Disclosure and Sharing of Face Data. We do not disclose or share your Face Data with any third parties. Our automation only has access to your Face Data during the analysis. Once the analysis is complete, we can’t access your Face Data with any automation. It is technically impossible to access your Face Data for our developers at any moment.
2.3. Retention of Face Data. The Face Data is only stored on your device. The Face Data is deleted from your device upon uninstalling the pora application.
We only store your Face Data at the server-side during the analysis stage. Therefore, your data is no longer present on our servers after the analysis is complete.
How long we retain your Personal Data
We retain your Personal Data for no longer than is necessary for the purposes of its collection and processing but no longer than is necessary for the purposes of its collection, unless we are required to retain your Personal Data for a longer period due to applicable legislation requirements, any ongoing dispute resolution or in order to enforce our agreements.
What are your data protection rights?
We want to make sure that you are fully aware of all your data protection rights and the ways you can exercise them. You are entitled to the following:
3.1. The right to access. You can ask us for a confirmation that we process your Personal Data with the information related to its processing. 3.2. The right to data portability. You can request that we provide you with your Personal Data in a structured and portable format. Apart from that, you can ask us to transmit those data to another controller directly, where technically feasible. 3.3. The right to correction. You can ask us to correct your Personal Data if you believe that it might be inaccurate. 3.4. The right to erasure. You may ask us to erase your Personal Data upon your withdrawal of the consent to processing if you believe that such processing is unlawful. You may also ask us to erase your Personal Data in some other cases indicated in art. 17.1 of the GDPR. Please note that the erasure of your Personal Data may affect your use of our Services. 3.5. The right to restrict processing. You can request a restriction of your Personal Data processing if you contest the accuracy of your Personal Data 3.6. The right to object to processing. You can object to the processing of your Personal Data that is processed under certain legal bases — for example, the data that we process under the legitimate interest basis. 3.7. The right to lodge a complaint with your local data protection supervisor. You can do so in case you believe that our activities are not compliant with the applicable data protection regulations. However, if you have such concerns about our data protection activities, we would kindly ask you to first contact us at email@example.com and we will do our best to ensure proper handling of your Personal Data.
If you wish to exercise any of the rights 3.1 - 3.6 above, please contact us at firstname.lastname@example.org and describe your request in plain language. If you make a request, we have 30 calendar days to make respective actions in connection with your request. In case we need any more time to help you exercise any of your rights, we will let you know.
In case your request is vague or unclear, we may engage in a conversation with you in order to better understand your request. We may also refuse manifestly unfounded and excessive requests.
We might ask you to prove your identity while exercising your data protection rights. This is made to ensure that you are indeed entitled to receive certain information and that no rights of third parties are violated by your request.
We take the protection of your Personal Data very seriously and take all reasonable and appropriate measures to protect them from loss, theft, misuse, and unauthorized access, disclosure, alteration, and destruction.
Please understand that no security system is perfect and, as such, we cannot guarantee the absolute security of the Services, or that your information won’t be intercepted while being transmitted to us. In case your Personal Data got compromised due to a security breach, we will act promptly to identify the cause and take all reasonable steps to remedy the breach. We will inform you of the incident, if necessary, in connection with the applicable legislation.
If you want to report a security incident related to our Services, please contact us at email@example.com.
We are committed to protecting the privacy of children. We do not knowingly collect Personal Data of any person under the age of 13 (or 16 years old for the residents of the European Union). If you are aware of anyone under 13 (or 16 years old for the residents of the European Union) using the Services, please contact us at firstname.lastname@example.org and we will take the required steps to delete such information and (or) delete the account.
Sharing of your Personal Data
We may use external service providers to process your Personal Data on our behalf. When we do so, we have appropriate agreements in place to protect such data. In the case of international transfers, we always make sure that additional safeguard mechanisms are in place (for example, by adding Standard Contractual Clauses).
Currently, we share your Personal Data with the following service providers:
Amazon Web Services (AWS) which is our primary cloud services provider, used to host personal data and enable our Services to operate and be distributed. AWS computing environments are continuously audited, with certifications from accreditation bodies across various geographies and verticals. Learn more about AWS security compliance on their website.
Google Crashlytics is used to monitor the infrastructure and performance of the Services. Here are its Data Processing and Security Terms.
Google Firebase is a mobile development platform that provides us with various tools and options for developing the Services. Here are its Data Processing and Security Terms.
Braintree is a global commerce tools provider. We use Braintree integrations to process the payments. Here is their Privacy Statement.
Meta for Business (formerly known as Facebook for Business) provides various services for choosing audiences that will see our ads on Meta’s products such as Facebook and Instagram. Here is its Data Policy.
Palta Brain provides a single way to integrate various payment providers and analytic services, thus minimizing the development effort needed to implement the Services. Country of registration: Cyprus.
You can contact us using the following email: email@example.com
You can also contact our EU representative:
DPOEU LTD, Office 902, Oval, Krinou 3, Ayios Athanasios, 4103, Limassol, Cyprus Email: firstname.lastname@example.org