Dear User,

The Covr Authenticator app (the “Covr App”) is provided by Covr Security AB, company registration number (org. no. 556999-2638) having its registered address at Nordenskiöldsgatan 24
211 19 Malmö, Sweden (“we” or “us”).

Your privacy is important to us. Under the applicable personal data protection legislation and regulations such as national implementations of the Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data or any subsequent legislation such as Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data (GDPR), as well as any other local laws and legislation applicable in any relevant territory (the “Personal Data Legislation and Regulations”), we are processing personal data as data processor and also as data controller for which we decide the purposes and the means of processing (please see below). With “personal data” we mean information which is directly or indirectly referable to a natural living person, e.g. name and address but also possibly location data or IP addresses. We may collect the information set out below, which include your personal data.

This document contains a policy statement regarding our collection, use and processing of personal data, with whom we may share such data, your rights in relation to your personal data and other information that we have to provide you with. When you use the Covr App, we will process personal data for various purposes. In order to use the Covr App you must first read and accept this Privacy Policy.

The Covr App is provided by us to you as an end user and the Covr App is also provided to our partners as a service, by means of which you are able to safely identify yourself with our partners (for instance banks, retail sellers, cloud service providers, gaming companies etc.) that are using the Covr App’s services (the “Partners”). This means that our Partners are the data controllers for certain types of data and we are carrying out the processing activities on their behalf according to their instructions when providing them with the services of the Covr App. We also process certain personal data for our own purposes for which we are acting as data controllers.


1. Processing of personal data on behalf of our partners

1.1 We process the following types of data as data processor on behalf of our Partners in order to provide the services of the Covr App:

(a) Phone number;
(b) Username or Email;
(c) IMEI number of the mobile device;
(d) Device Type;
(e) PIN;
(f) Location data;
(g) The Partner that you are associated with.

1.2 Regarding the above types of data, our Partners are the data controllers, which means that they decide on the means and purposes of the processing. You should consult their privacy policies concerning the processing of your personal data via the Covr App in order to obtain information with respect to such as the purposes of the processing, your rights regarding the processing, the contact person to whom you might address questions or complaints etc.

1.3 The purposes of the processing of the personal data enlisted in section 1.1 is decided by the Partner implementing the Covr App in its operations. The processing always serves the purpose of safe online identification by means of providing the Covr App. The provision of the Covr App entails the processing of your above enlisted personal data for the purposes of administering your account; enabling and providing the Covr App; sending you alerts or messages concerning the Covr App via sms or email; ensuring the technical functioning of the Covr App and preventing use of the Covr App in breach of the terms of use; enforcing the terms of use, including to protect our rights, property and safety and also the rights, property and safety of third parties if necessary; and fulfilling requirements by law.

1.4 The types of data enlisted above in section 1.1 are only shared by us with relevant Partners in order to provide the service of the Covr App.


2. Processing of personal DATA for our own purposes

2.1 TYPES OF DATA

2.1.1 We collect and process the following categories of personal data for our own purposes as data controller:

(a) Phone number,
(b) user name; and
(c) email address.

2.1.2 Please note that we are unable to provide the Covr App unless you provide the above stated personal data, which is a contractual requirement.

2.2 PURPOSES OF PROCESSING

2.2.1 We will process the Personal Data set out above (with the exception of your email address) for the following purposes:

(a) to analyse engagement, our audience, custom event triggers, funnels on usage and crash reporting; and

(b) to improve and develop the Covr App or new services and products and to analyze your use of the Covr App.

2.2.2 We will process your email address to send you our offers or newsletters.


2.3 LEGAL GROUNDS OF PROCESSING

2.3.1 We will process your personal data based on your consent.

2.3.2 By clicking “Continue” in the set-up flow and thereby creating a user account with the Covr App, you consent to the processing of your personal data.

(a) to the processing of personal data as set out in this Privacy Policy; and
(b) to receive direct marketing from us via email.

2.3.3 You may at any time withdraw your consent. If you revoke your consent it will not affect the lawfulness of our processing based on your consent before its withdrawal.

2.3.4 You have the right to object to the processing of your personal data for direct marketing

2.3.5 purposes, upon which we will cease to process your personal data for such purposes.


2.4 DISCLOSURE OF PERSONAL DATA

2.4.1 We may share and disclose your personal data, enabling us to fulfil the above purposes, to the following service providers within the EU/EEA:

(a) to our outsourced development team (located in Lithuania); and
(b) to our cloud service provider Microsoft Azure.


2.5 RESPONDING TO LEGAL REQUESTS AND PREVENTING HARM

2.5.1 We may access, preserve and share your information in response to a legal request (like a search warrant, court order or a subpoena or the like), or when necessary to detect, prevent and address fraud and other illegal activity, to protect ourselves, you and other users, including as part of investigations, if we have a good faith belief that the applicable law require us to do so.

2.5.2 This may include responding to legal requests from jurisdictions outside of the European Union or the European Economic Area where we have a good faith belief that the response is required by law in that jurisdiction, affects users in that jurisdiction, and is consistent with internationally recognized standards.

2.5.3 Information that we receive about you by using the Covr App, may be accessed, preserved and retained for an extended period of time when it is the subject of a legal request or obligation, government investigation, or investigations concerning possible violations of our Terms of Use or policies, or otherwise to prevent harm.


2.6 CHILDREN

The Covr App is not directed to persons under the age of 16. We do not knowingly collect personal data from persons under the age of 16 (the “Age Limit”). If you are a parent or guardian of a child under the Age Limit and you become aware of that your child has provided personal information to the Covr App without your consent, please contact dataprotection@covrsecurity.com to exercise of your applicable access, rectification, cancellation, and/or objection rights.


2.7 RETENTION PERIOD

In order to achieve the purposes of the processing as set forth above, we will process your personal data until the Terms of Use is terminated and for two years thereafter for archiving purposes.


2.8 GOOGLE FIREBASE

2.8.1 You accept that we have implemented Google’s Firebase App (the “Firebase App”) in the Covr App and thereby you consent to the processing of your Personal Data carried out by the Firebase App. Please read more about the processing carried out by the Firebase App at https://www.google.com/policies/privacy/partners/.

2.8.2 We are using the following features of the Firebase App Analytics and crash reporting. We do not use the following features: Auth, Database, Storage, hosting, test labs, notifications, remote config, dynamic links or adMob.

2.8.3 For the purposes of analytics, analyzing how the users use the Covr App and providing the users with a better user experience, the said features of the Firebase App collects and processes the following information: active users, user engagement, retention, app version, device type, general location, gender by age group.

2.8.4 You may opt-out from the processing carried out by the Firebase App in your user settings.


2.9 YOUR PRIVACY RIGHTS

2.9.1 EU law permits residents of the Member States, once per calendar year free of charge if applicable under local data protection laws, to request details about what personal information is stored with us, the source of the data, the purposes of the processing and the identity of parties to whom the data has been provided.

2.9.2 You have the right to obtain a copy of the personal data that we process relating to you. For any further copies requested by you, we may charge a reasonable fee based on administrative costs.

2.9.3 You have the right to data portability, whereby if applicable you have the right to receive your personal data processed by us in a structured, commonly used and machine-readable format. You have the right to transfer such data to another data controller and we shall not hinder you in such transfers in order to avoid a “lock-in”.

2.9.4 You may request the rectification of inaccurate personal data concerning you and you have the right to have incomplete personal data completed. You may request, if applicable, the deletion of your personal data that we process. You have the right to request restriction of the processing of your personal data, if applicable.


2.10 COOKIES, PIXELS AND OTHER SYSTEM TECHNOLOGIES

2.10.1 We collect information through technology like cookies and the tracking technology provided by the Firebase App.

2.10.2 A cookie is a very small file, a small piece of data, sent from a website and stored in the memory of a user’s web browser, mobile phone, or other device while the user is browsing that website or using an application. A cookie can help the website or application provider to recognize your device the next time you visit that website or use the application, provide you with access to certain functions on the website or the application and/or register your surf or usage patterns. We may use the following cookies for the purposes set out below:

(a) We use functional cookies to operate certain functions of the Covr App in accordance with your choices and selections, meaning that the Covr App will be provided as you have previously requested, e.g. remembering your customization of the Covr App. Data private to you will be stored in the keychain of your device.


2.11 NOTICE OF CHANGES

If we make changes to this Privacy Policy we will notify you by publication here https://www.covrsecurity.com/covr-app-privacy-policy/. If the changes are material, we will provide you additional, prominent notice as appropriate under the circumstances and, where required under applicable law, ask for your consent.


2.12 LINKS TO OTHER WEBSITES

You should be aware that when you are using the Covr App you may be directed to other sites where the collection and processing of personal data is outside of our control. You acknowledge that the privacy policy of the new site will govern the collection and processing of your personal data on that site and you accept that we have no responsibility or liability thereto.


2.13 CHANGE OF CONTROL

If the ownership of our business changes, we may transfer your personal data to the new owners so they can continue providing the Covr App. The new owners will be obliged to comply with the commitments of this Privacy Policy.


2.14 CONTACT INFORMATION AND RIGHT TO LODGE COMPLAINT

2.14.1 To exercise the aforementioned rights, or if you have any questions about our sharing practices, your rights under EU law, or wish to have your personal information removed, please contact us at the following address:

Covr Security AB
dataprotection@covrsecurity.com Nordenskiöldsgatan 24 Malmö , Sweden

2.14.2 In order to ensure that you receive a swift response, please state in your email/letter your full name, address, mobile number associated with Covr. We will respond to your request within a month unless the request is complex in which case we might extend the period with up to an additional two months.

2.14.3 If you have any complaints regarding our processing of your Personal Data, you may file a complaint to the competent data protection authority. You can find out more about the local data protection authorities under the following link http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm