Privacy Policy (Website)

GENERAL INFORMATION

What is Personal Data?
Personal Data is information that makes it possible to identify a natural person. This includes in particular, your name, date of birth, address, telephone number, e-mail address, but also your IP address. Anonymous data exists if no personal reference to the user can be made.

What is processing?
A cookie is a small text file that is sent to your device’s hard drive by a website. Each time you return to the same website, your browser retrieves and sends the relevant cookie(s) to the website’s server.

Who is responsible?
The person responsible for the processing of Personal Data is Apps Do Wonders LLC, a Dallas based limited liability company. Please read this Privacy Policy together with our Cookie Policy and email us using support@appsdowonders.com or our Contact Form if you have any questions.

Purpose and legal basis of processing
In accordance with the TDPSA and the GDPR we need to have both a purpose and a legal basis to process Personal Data. The purposes are:

• providing the website and their functions and contents,
• responding to contact requests and communicating with our customers,
• providing our services, and
• security measures.

Of course, we can only do that if we have at least one of the following legal bases or in other words lawful reasons to do so. Unless specifically described below, we typically link the above purposes to one of the following:

• consent,
• to fulfill our services and carry out contractual obligations,
• to fulfill our legal obligations, and
• to protect our legitimate interests.

Data transfers
In certain cases, it is necessary to transmit the processed Personal Data in the course of data processing. In this respect, there are different recipient bodies and categories of recipients.

• Service providers in the context of fulfillment processing,
• Companies that provide marketing services,
• Service providers within the scope of providing our website, and
• State authorities and institutions as far as this is required or necessary.

Our main operations are based in the USA and your Personal Data is generally processed, stored and used within the USA. In some instances, your Personal Data may be processed outside the USA. If and when this is the case, we take steps to ensure there is an appropriate level of security, so your Personal Data is protected in the same way as if it was being used within the USA. Where we need to transfer your data outside the USA, we will use approved standard contractual clauses in contracts for the transfer of Personal Data to third countries.

Security
In order to protect the data stored with us in the best possible way against accidental or intentional manipulation, loss, destruction or access by unauthorized persons, we use appropriate technical and organizational security measures. Our security levels are continuously reviewed in cooperation with security experts and adapted to new security standards.

Storage and retention
Your Personal Data will be stored by us only for as long as is necessary to achieve the purposes for which the data was collected or – if statutory retention periods exist that go beyond this point and for the duration of the legally prescribed retention period. We then delete your Personal Data. Only in a few exceptional cases is your data be stored beyond this period, e.g., if storage is necessary in connection with the enforcement of and defense against legal claims against us.

What Personal Data do we process?

Log files
When you access our website, some access data is recorded automatically and stored in a log file on our website’s server. This means if you browse and simply have a look at our website, we process a) the IP address of your computer, b) the date and time of your access, c) the name and URL of the accessed file, d) the browser used, e) the amount of bytes transferred, f) the status of the page request, g) the session ID and g) the referrer URL. The legal basis for processing is our legitimate interest.

Hosting of our website
We use the hosting services of Amazon Web Services (AWS), for the purpose of hosting and displaying our website. AWS does so on the basis of processing on our behalf, and that also means that all data collected on our website and shop is processed on AWS’ servers.The basis for processing is our legitimate interest, and the initiation and/or fulfillment of a contract.

Content Management System
We use the open source Content Management System (CMS) of WordPress.Org to publish and maintain the created and edited content and texts on our website. This means that all content and texts submitted to us is transferred to AWS. This represents a legitimate interest.

Fonts
We have integrated Google Fonts by Google. To enable the display of fonts, a connection to Google’s server is established when our website is accessed. This enables Google to determine which website sent the request and to which IP address the display of the font is to be transmitted. The integration is based on our legitimate interest.

Cookies
We use so-called cookies on our website. Cookies are small text files that are stored on your device (PC, smartphone, tablet, etc.) and saved by your browser. For further information, please refer to our Cookie Policy. The legal basis for the use of cookies is your consent as well as our legitimate interest.

Contact options
If you contact us, we process the following data from you for the purpose of processing and handling your request: first name, last name, e-mail address, and, if applicable, other information if you have provided and your message. The legal basis for the data processing is our obligation to fulfill the contract and/or to fulfill our pre-contractual obligations and/or our legitimate interest in processing your request.

When using our services
The protection of your Personal Data is particularly important to us in the performance of our contract with you and allowing you access to our add-ins (“Services”). We therefore only want to process as much Personal Data (for example, your name, address, e-mail address, or telephone number) as is absolutely necessary. Nevertheless, we rely on the processing of certain Personal Data, to fulfil our contractual obligations to you or to carry out pre-contractual measures and in the context of administrative tasks as well as the organisation of our business and compliance with legal obligations, such as archiving.

As mentioned above, we process the Personal Data involved in your use of our Services(“Service Data”) in order to be able to provide our services. We recognise that you own your Service Data and provide you with complete control of your Service Data by providing you the ability to (i) access your Service Data, (ii) share your Service Data through supported third-party integrations, and (iii) request export or deletion of your Service Data.

We ensure that access by our employees to your data is only available on a need-to-know basis, restricted to specific individuals, and is logged and audited. We communicate our privacy and security guidelines to our employees and enforce privacy and protection safeguards strictly.

We process your Service Data as Data Processor or in other words on behalf of you, and will only do so in accordance with your instructions and use it only for the purposes agreed between you and us. We also take appropriate legal precautions and corresponding technical and organisational measures to ensure the protection of your Service Data. For further information, please also refer to our Privacy Policy (Add-in) and Data Processing Addendum.

Data Management
For optimal customer support and data management, we use the same data that we process in the course of providing our contractual services and store it in our proprietary customer support platform supported by HelpScout. This data processing is based on our legitimate interest in providing our customer service.

Administration, financial accounting, office organization, contact management
We process data in the context of administrative tasks as well as organization of our business, and compliance with legal obligations, such as archiving. In this regard, we process the same data that we process in the course of providing our contractual services. The processing bases are our legal obligations and our legitimate interest.

Analytics
For business reasons, we analyse the data we have on web and server traffic patterns, website interactions, browsing behaviour, etc. The analyses serve us alone and are not disclosed externally and processed using anonymous analyses with summarised and/or anonymised values (“Aggregated Data”). Aggregated Data could be derived from your Personal Data but is not considered Personal Data in law as this data will not directly or indirectly reveal your identity. However, if we combine or connect Aggregated Data with your Personal Data so that it can directly or indirectly identify you, we treat the combined data as Personal Data which will be used in accordance with this Privacy Policy. For this purpose we use Google Analytics from Google. The legal basis is our legitimate interest and your consent. For further information on our use of Google Analytics, please refer to our Cookie Policy.

Direct marketing in the context of a customer relationship
Insofar as you have also given us separate consent to process your data for marketing and advertising purposes, We are entitled to contact you for these purposes via the communication channels you have ticked in this consent.

OTHER USES OF YOUR PERSONAL DATA

We may also collect, store, and use your Personal Data for the following purposes:

• to operate, manage, develop, and promote our business and, in particular, our relationship with you and related transactions, including, for example:
  • marketing purposes (when we have either gathered prior opt-in consent and/or have a legitimate interest to send you communications which we believe to be relevant and of use to you);
  • to operate, administer, and improve our website and other aspects of the way in which we conduct our business;
  • to offer you our blog;
  • to provide you with services or information that you may have requested; and
  • to keep you informed and updated on relevant topics or services you may be interested in.
• to protect our business from fraud, money laundering, breach of confidence, theft of proprietary materials, and other financial or business crimes;
• to comply with our legal and regulatory obligations, bring and defend legal claims and assert legal rights; and
• if the purpose is directly connected with an assigned purpose previously made known to you.
  

We will only process your Personal Data as necessary so that we can pursue the purposes described above and where we have a legal basis for such processing. Where our lawful basis for processing is that such processing is necessary to pursue our legitimate interests, we will only process your Personal Data where we have concluded that our processing does not prejudice you or your privacy in a way that would override our legitimate interest. In exceptional circumstances, we may also be required by law to disclose or otherwise process your Personal Data.

LINKED SITES

For your convenience, our website may contain hyperlinks to other websites. We are not responsible for the privacy practices of linked websites or companies that are not owned or controlled by us, and this Privacy Policy does not apply to them. The links on our website may collect additional information in addition to the information we collect.

We do not endorse any of these linked websites, their products, services, or any content on their websites. We encourage you to read the privacy policies of each linked website you visit to understand how the information collected about you is used and protected.

SOCIAL MEDIA

We are present on social media based on our legitimate interest. If you contact or connect with us via social media, we and the relevant social media platform are jointly responsible for the processing of your data and enter into a so-called joint responsibility agreement. The Personal Data collected when you contact us is used to process your request, and the basis for this is both your consent and our legitimate interest.

YOUR RIGHTS AND PRIVILEGES

Privacy rights
Under the TDPSA, you can exercise the following rights:

• Right to know
• Right to rectification
• Right of deletion
• Right of non-discrimination
• Right to opt-out of sale

Under the GDPR, you can exercise the following rights:

• The right to access;
• The right to rectification;
• The right to erasure;
• The right to restrict processing;
• The right to object to processing;
• The right to data portability;

Update your information and withdraw your consent
If you believe that the information we hold about you is inaccurate or request its rectification, deletion, or object to legitimate interest processing, please do so by contacting us.

Access Request
In the event you want to make a Data Subject Access Request, please contact us. We will respond to requests regarding access and correction as soon as reasonably possible. Should we not be able to respond to your request within thirty (30) days, we will tell you why and when we will be able to respond to your request. If we are unable to provide you with any Personal Data or to make a correction requested by you, we will tell you why.

What we do not do

• We do not request Personal Data from minors and children;
• We do not process special category data without obtaining prior specific consent;
• We do not use automated decision-making, including profiling; and
• We do not sell your Personal Data.

Right to complain
You have the right to complain about our processing of Personal Data to a supervisory authority responsible for data protection. However, we would appreciate the opportunity to address your concerns before you contact any supervisory authority.

Data Breaches and Notification
Databases or records containing Personal Data may be breached accidentally or through unlawful intrusion. As soon as we become aware of a data breach, we will notify all affected individuals whose Personal Data may have been compromised, and the notification will be accompanied by a description of the measures that will be taken to repair the damage caused by the data breach. Notifications will be sent as soon as possible after the violation is discovered.

USA SPECIFIC PROVISIONS

The following applies to users located elsewhere in the United States. While we understand and appreciate that privacy and consumer data protection laws differ as they are subject to each state’s legislature and that no data protection framework similar to the EU’s GDPR exists on a federal level, we are committed to follow and apply the for your state relevant privacy rules and regulations.

As of the day of drafting, the following states had enacted privacy and consumer data protection laws: California, Colorado, Connecticut, Delaware, Florida, Indiana, Iowa, Montana, Oregon, Tennessee, Utah, and Virginia. Under consideration of the similarities of the above provisions, no conflict should arise pursuing a uniform approach in granting all users in the USA the same rights and privileges as set out above. However, should ambiguity occur, the most stringent provision is chosen to ensure the most comprehensive approach when it comes to protecting your Personal Data.

Further, the following also apply

1. “Shine the Light”
   “Shine the Light” law (Civil Code Section 1798.83) requires us to respond to requests from California asking about the business’s practices related to disclosing Personal Data to third parties for the third parties’ direct marketing purposes. You may make a request about our collection and disclosure of your Personal Data using the contact details provided.
2. COPPA (Children Online Privacy Protection Act)
   When it comes to the collection of Personal Data from children under the age of 13 years old, the Children’s Online Privacy Protection Act (COPPA) puts parents in control. The Federal Trade Commission, United States’ consumer protection agency, enforces the COPPA Rule, which spells out what operators of websites and online services must do to protect children’s privacy and safety online. We do not specifically market to children under the age of 13 years old.
3. CAN SPAM Act
   The CAN-SPAM Act is a law that sets the rules for commercial email, establishes requirements for commercial messages, gives recipients the right to have emails stopped from being sent to them, and spells out tough penalties for violations. To be in accordance with CAN SPAM, we agree to the following: If at any time you would like to unsubscribe from receiving future emails, you can email us, and we will promptly remove you from ALL correspondence.
4. Telephone Consumer Protection Act (TCPA)
   If we process your Personal Data for the purpose of sending you SMS marketing communications, you may manage your receipt of marketing and non-transactional communications from us by replying or texting ‘STOP’ if you receive our SMS communications. In this respect, the data processing is carried out solely on the basis of our consent in personalized direct advertising per SMS.
5. Controls For Do-Not-Track Features
   Most web browsers and some mobile operating systems and mobile applications include a Do-Not-Track (‘DNT’) feature or setting you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected. At this stage, no uniform technology standard for recognizing and implementing DNT signals has been finalized. As such, our website does not currently respond to DNT browser signals or any other mechanism that automatically communicates your choice not to be tracked online. If a standard for online tracking is adopted that we must follow in the future, we will inform you about that practice in a revised version of this policy.
6. Right to complain
   Finally, and in regard to the right to complain to a supervisory authority. You have the right to lodge a complaint about our processing of Personal Data with a supervisory authority responsible for data protection. Users based in the above mentioned States may lodge a complaint with the relevant district attorney or attorney general office.However, we would appreciate the opportunity to address your concerns before you contact any supervisory authority.