Privacy Policy
Last Updated: April 14, 2022
The purpose of this privacy policy (the “Privacy Policy”) is to detail the manner in which Settoo Labs Ltd. (“us” or “we”) operates in regard to Information (as defined below) which is being collected from the User and the Service Provider while using the Services.
This Privacy Policy is in addition to any other agreement, terms of use or similar arrangement with respect to the use of the Services to which the User or the Service Provider may be a party. All defined terms not otherwise defined in this Privacy Policy shall have the meanings set forth in the Agreement.
We may, from time to time and in compliance with the applicable data protection regulations, update our Privacy Policy. Such updates usually become necessary as a result of a change in legal provisions or a change to our services. It is therefore recommended to check the Privacy Policy frequently for any changes made.
If a User or the Service Provider is an individual in the European Economic Zone (EEA) or in the State of California, then the Annex to the Privacy Policy (the “Annex”) shall apply to the processing of such User or Service Provider’s Information (as defined below) and such User or Service Provider will have the additional data subject rights described in that Annex.
​
1.General
1.1.When using the Services, the User and the Service Provider must provide us with certain details concerning themselves. These include:
·Details provided by the User: full name, phone number, picture, and location.
·Details provided by the Service Provider: email, phone number, contact person name, credit card information, business name and location, business description, and any other information reasonably requested by us regarding the Service Provider’s business.
·Any other information that the User or the Service Provider provide us via the Services (collectively, the “Information”).
1.2.We see great importance in safeguarding the User and the Service Provider privacy, and therefore we put in efforts to ensure a level of security appropriate to the risk involved.
1.3.This Privacy Policy applies to the processing of the Information that the User or the Service Provider have made available to us in the course of using the Services and that are processed by us for the purpose of using the Services.
1.4.In principle, we assume no responsibility for the use of Information by other Users or any other third parties, including external sites, which appear on the Services. In case of doubt, the User and the Service Provider should review the privacy policy and terms of use of such third party or external site.
1.5.Each of the User and the Service Provider understand that they are not obligated to provide any information and that any information they provide is provided of their own free will and consent, provided that certain minimum information is required for the proper function of the Services.
1.6.The Information shall be kept by us, and its use shall be made in accordance with this Privacy Policy, any other agreement between us and the User or the Service Provider and any applicable law. All credit card information shall not be saved directly by us but shall be saved by a payment gateway and the terms of use of such payment gateway.
1.7.If the User or the Service Provider object to the use of the Information, or if the User or the Service Provider wish to be removed from our database, or if the User or the Service Provider wish to not receive notifications, updates, or marketing materials, they must notify us by writing through the Services or the removal mechanism found in any mailing or by emailing info@settoo.app, in which case we will, subject to applicable law remove such information from our database.
​
2.Purpose of Data Collection
The disclosure of Information by the User and the Service Provider constitutes an approval that such Information and any data generated on the basis of the analysis of such Information, which has reached or shall reach us, will be kept by us or any person or entity on our behalf, as required by law, and that such Information may be used for the following purposes:
2.1.For the provision of the Services (including disclosure of Information to Service Providers);
2.2.For marketing purposes (including via Notification, SMS or email);
2.3.For statistical analysis, provided that the part of the Information used for such purpose is aggregated and anonymized.
​
3.Transfer to Third Parties.
3.1.The Information shall not be sold, leased or delivered by us to any third party, except in accordance with the provisions of Section 3.2 below.
3.2.We may disclose any Information, in whole or in part, to third parties, if any one of the following conditions are met:
3.2.1.If the disclosure of the Information, or any part of it, is made to third parties who are parties to or are involved in the provision of the Services, provided that such disclosure is necessary for the performance of the Services. These third parties shall have no right to use this Information except for the purpose of providing the Services;
3.2.2.In accordance with Section 2;
3.2.3.If we are required to do so by judicial order or by law or according to any legal proceedings;
3.3.If we organize our activity under a different entity, including by way of a merger with another entity, whether such mergers are at the corporate level or with regard to its activities. In such a case, we shall ensure that the third party to whom we merged accepts the provisions of this Privacy Policy.
​
4.Identifiers
1.1.When the User and the Service Provider use the Services, we try to make that experience simple and useful, and therefore we use cookies, and Apple and Google identifiers. Cookies are small pieces of information which are issued to their computer and/or their mobile or when they visit or access a website and which store and sometimes track information about their use of such website. A number of cookies we use last only for the duration of their session using the Services and expire when they cease using the Services. Other cookies are used to remember them when they return to use the Services and will last for longer. We refer to cookies, Apple and Google identifiers, and equivalents technologies as "Identifiers".
1.2.We may use Identifiers to:
1.2.1.Remember that the User or the Service Provider have visited us before. This means we can identify the number of unique Users we have;
1.2.2.Customize elements of the promotional layout and/or content of the pages included in the Services;
1.2.3.Collect statistical information about the manner in which the User or the Service Provider use the Services (including the time each spend using the Services) so that we can improve the Services and learn which parts of the Services are mostly used by the User and the Service Provider ;
1.2.4.Assist us in providing Services to the User and the Service Provider Account, for example analyzing data for the purposes of troubleshooting.
5.Review of Information
The User and the Service Provider are entitled to review their Information which is being kept by us. If the User or the Service Provider find any Information to be mistaken, incomplete, or unclear, the User or the Service Provider may approach and request us to correct or delete such Information, by emailing: info@settoo.app.
Annex
Additional Information for EU Citizens
How we protect the Information
We have implemented administrative, technical, and physical safeguards to help prevent unauthorized access, use, or disclosure of the User or Service Provider Information. The Information is stored on secure servers and is not publicly available. We limit access of the Information only to those employees or partners on a “need to know” basis, in order to enable the carrying out of the agreement between us.
While we seek to protect the Information to ensure that it is kept confidential, we cannot absolutely guarantee its security. The User and the Service Provider (as applicable) need to help us prevent unauthorized access to its account by protecting the password appropriately and limiting access to the account by third parties. The User and the Service Provider will be solely responsible for keeping its own password confidential and for all use of the User or the Service Provider password and account, including any unauthorized use. The User and the Service Provider should also be aware that there is always some risk involved in transmitting information over the internet. While we strive to protect the Information, we cannot ensure or warrant the security and privacy of the Information or other content transmitted using the Services, and the User and the Service Provider is doing it at their own risk.
Retention
We will retain the Information for as long as necessary to provide our Services, and as necessary to comply with our legal obligations, resolve disputes, and enforce our policies. Retention periods will be determined taking into account the type of information that is collected and the purpose for which it is collected, bearing in mind the requirements applicable to the situation and the need to destroy outdated, unused information at the earliest reasonable time. Under applicable regulations, we will keep records containing User and Service Provider's Information, trading information, account opening documents, communications, and anything else as required by applicable laws and regulations.
​
Marketing
We may use the Information for the purpose of providing the User and the Service Provider with promotional materials, concerning our Services.
At any time, the User and the Service Provider may request to unsubscribe and discontinue receiving marketing offers by sending us a blank message with the word “remove” to the details listed below.
​
User Rights
The laws of some jurisdictions may provide various rights in connection with our processing of certain Information. Such rights may include:
-
The right to receive confirmation as to whether or not the Information is being processed, and the right to access the User or Service Provider’s Information.
-
The right to receive a copy of the User or Service Provider’s Information.
-
The right to request rectification of the User or the Service Provider’s Information that is in our control.
-
The right to request erasure of the Information.
-
The right to object to the processing of the Information by us.
-
The right to request to restrict processing of the Information by us.
However, these rights are not absolute, and may be subject to our own legitimate interests and regulatory requirements.
​
Transfer of data outside the EEA (for EU data subjects)
Since we operate globally, it may be necessary to transfer data, including Information (as such term is defined above), to countries outside the EEA. In these instances, we will transfer the User or Service Provider Information only to such countries as approved by the European Commission as providing adequate level of data protection or enter into legal agreements ensuring an adequate level of data protection.
Additional Information for California Residents
This part of the Privacy Policy addresses the specific disclosure requirements under the California Consumer Privacy Act of 2018 (Cal. Civ.§1798.100–1798.199) and the California Consumer Privacy Act Regulations by the Attorney General (collectively, "CCPA"). It applies to the handling of the Information of User and Service Provider who are residents of California.
User Rights under the CCPA
The CCPA provides consumers with specific rights regarding their Information. This section describes the CCPA rights and explains how to exercise those rights.
Access to Personal Information
The User or the Service Provider may request, up to two times each year, that we disclose to the User or the Service Provider (as applicable) the categories and specific pieces of Information that we have collected about the User or the Service Provider, the categories of sources from which the Information is collected, the business or commercial purpose for collecting the Information, the categories of Information that we disclosed for a business purpose, any categories of Information about the User or the Service Provider that we sold, the categories of third-parties with whom we have shared the Information, and the business or commercial purpose for selling the Information, if applicable.
Deletion Requests
The User and the Service Provider have the right to request that we delete any Information collected from the User and the Service Provider (as applicable) and retained, unless an exception applies.
Once we receive and confirm such request, we will delete (and direct our service providers, subcontractors, and consultants to delete) the Information, unless an exception applies.
Right to Opt-Out of the Sale of Personal Information
We do not "sell" personal information about our Users as most people would typically understand this term. However, we do allow certain third-party partners to collect pseudonymized information about consumers through our Services for purposes of serving ads and related marketing materials that are relevant (including related activities such as campaign measurement and analytics, fraud detection and reporting). In this context, we "sell" resettable advertising identifiers and IP addresses with our advertising partners. These allows developers and marketers to track activity for advertising purposes and are used to enhance the personalization of ads.
The User and the Service Provider may opt out from the "sale" of the Information by resetting these identifiers from within their device or limit ad tracking for their device as mentioned in the "Tracking Technologies" section of this policy. The User and the Service Provider may also contact us, by using the contact details provided below.
Exercising Its Rights
The User and the Service Provider can exercise their rights (such as access and deletion) via our in-app settings.
In addition, to request access or request deletion to the User or the Service Provider, the User and the Service Provider can also submit a verifiable consumer request to the contact information below.
Only the User and the Service Provider or a person authorized to act on their behalf may make a consumer request related to the Information.
The request must:
-
provide sufficient information to allow us to reasonably verify that the User or the Service Provider is the person about whom we collected Information or an authorized representative.
-
describe the request with sufficient details to allow us to properly understand, evaluate, and respond to it.
-
we cannot respond to a request or provide with Information if we cannot verify the User or the Service Provider identity or authority to make the request and confirm the Information relates such User and Service Provider. Making a verifiable consumer request does not require to create an account with us. We will only use Information provided in a verifiable consumer request to verify the requestor's identity or authority to make the request. We will only use Personal Information provided in a verifiable consumer request to verify the requestor's identity or authority to make the request.
The User and the Service Provider may only request a copy of its own data twice within a 12-month period.
If the User and the Service Provider have any general questions about the Information that we collect about such User or Service Provider and how we use it, they can contact us at contact information below.
Response Timing and Format
Our goal is to respond to a verifiable consumer request within 45 days of its receipt. If we require more time, we will inform the User or the Service Provider of the reason and extension period in writing within the first 45 days period. We will deliver our written response, by mail or electronically, at the User or the Service Provider option. Any disclosures we provide will cover only the 12-month period preceding the request. If reasonably possible, we will provide the User or the Service Provider Information in a format that is readily useable and should allow the User or the Service Provider to transmit the information without hindrance.
We do not charge a fee to process or respond to the User or the Service Provider verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell the User or the Service Provider why we made that decision and provide the User or the Service Provider with a cost estimate before completing your request.
In case of rejection, the response we provide will explain the reasons for which we cannot comply with the User or the Service Provider request.
These CCPA rights are not absolute and requests are subject to any applicable legal requirements, including legal and ethical reporting or document retention obligations.
Designating Agents
The User or the Service Provider can designate an authorized agent to make a request under the CCPA on the User or the Service Provider behalf if:
-
The authorized agent is a natural person, or a business entity registered with the Secretary of State of California; and
-
The User or the Service Provider sign a written declaration that the User or the Service Provider authorize the authorized agent to act on the User or the Service Provider behalf.
If the User or the Service Provider uses an authorized agent to submit a request to exercise the User or the Service Provider right to know or the User or the Service Provider right to request deletion, please mail a certified copy of your written declaration authorizing the authorized agent to act on the User or the Service Provider behalf using the contact information below.
If the User or the Service Provider provide an authorized agent with power of attorney pursuant to Probate Code sections 4000 to 4465, it may not be necessary to perform these steps and we will respond to any request from such authorized agent in accordance with the CCPA.
Non-Discrimination
Unless permitted by the CCPA, we will not:
-
Deny the User or the Service Provider goods or services.
-
Charge the User or the Service Provider different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
-
Provide the User or the Service Provider a different level or quality of goods or services.
-
Suggest that the User or the Service Provider may receive a different price or rate for goods or services or a different level or quality of goods or services.