Data Protection Policy
This summary presents important elements of the Data Protection Policy (DPP), but it does not replace the DPP and you have to read it and accepted:
OK! We process Personal Data to provide our service.
OK! We do our best to process only adequate and relevant data and to keep them securely.
OK! We are processing data lawfully, fairly, and in a transparent manner for a specified, explicit, and legitimate purposes.
OK! We apply the General Data Protection Regulation (GDPR) standards to all our users (European and Non-European)
We DO NOT SELL your Personal Data!
We DO NOT PROFILE USERS!
We DO NOT MAKE AUTOMATED DECISIONS about you!
! In short, you have the right to access, rectify, and/or erasure your data. In addition, you have the right to obtain a restriction of processing. You can exercise your rights by contacting our DPO (read below).
! The Data Controller has a Data Protection Officer (DPO) who can be contacted through the email address: firstname.lastname@example.org
! The Data Controller is a Company which has the following contact details:
In this document, the "Data Controller", the "Company", "we", "us", "our" refers to the above legal entity.
Data Protection Policies (or Data Policies, Privacy Policies) seem to be created by the people paid per word. They are long and full of legalese due to legal compliance requirements.
We did our best to make our Data Protection Policy short, easy to access, easy to understand, and in a clear and plain language, especially for our young users. However, we couldn’t avoid all legal terms, but we created a Glossary of Terms to help you to better understand the terms.
Even though, worldwide, there are various privacy legislations (So many countries, so many customs), we voluntarily choose to apply the General Data Protection Regulation (GDPR) standards to all our users regardless if they are a GDPR subject or they are users outside of the European Union jurisdiction. One application, one Data Protection Policy!
We want you to read our entire Data Protection Policy and all the other documents that govern the relationship between us and you, and we want you to do it before creating an account, in order to have a good understanding of what, how, and more important why we are doing things as we do.
However, if you are like us, you are eager to use the application not to read legal documents. That’s why we’ve started this policy with a short summary followed by our core beliefs, our principles, and by a detailed explanation of the Data Protection Policy.
This Data Protection Policy and a Glossary of Terms are accessible to you at any time on our website. Moreover, if you have questions about this policy and our privacy practices we want to hear from you. You always can contact us through the email address: email@example.com at any time, and we are happy to help.
Our Core Beliefs
We do everything (designing, developing, creating, managing our services) having in mind that our Personal Data and the Personal Data of our families, our friends, and our fellow human beings are on the line!
We acknowledge that you trust us with your Personal Data and that is a huge responsibility for us. We promise you that we do our best to keep your and our data safe, to process your and our data only for the purpose(s) for which it has been provided, and never abuse of your data and your trust.
We hope you will help us to protect all Personal Data!
Our Data Protection Principles
OK! We design with privacy in mind.
OK! We communicate honestly and openly.
OK! You control your information.
OK! You choose what data you share with us.
Who We Are
(Legal term: Identity and Contact Details of the Data Controller)
The above company is the entity who is processing Personal Data (in legal terms - the Data Controller) gathered when people use our services.
(Legal term: Data Protection Officer)
The Company has a Data Protection Officer (DPO), an expert in the data protection law who is advising and monitoring us to comply with the applicable data protection regulation. Our Data Protection Officer can be contacted through the email address: firstname.lastname@example.org
Your rights are important to us, and we want to inform you about your right before anything else.
OK! You have the right to know if we are processing your personal data.
OK! You have the right to know what personal data we are processing and the purposes of the processing.
OK! You have the right to request from us access to your personal data.
OK! You have the right to obtain from us the rectification of inaccurate personal data.
OK! You have the right to obtain from us the erasure of your personal data.
OK! You have the right to obtain from us restriction of processing of your personal data.
OK! You have the right to object at any time to processing of your personal data.
OK! You have the right not to be subject to a decision based solely on automated processing, including profiling.
OK! You have the right to receive your personal data and to transmit those data to another controller (data portability right).
OK! You have the right to be informed through email about a data breach in 72 hours after the Company having become aware of it.
Any requests regarding your rights should be made in writing to our Data Protection Officer (DPO) - email: email@example.com
What we do
At RedCarpet.app our goal is to offer you a better way to present and represent yourself while creating the perfect circumstances and occasions to discover new people, new experiences and strengthen your connections with your favorite fashion brands in a flawless and easy journey.
In order to achieve our goals and to provide you better services we are relying on the data that you share with us. For example, you share with us personal data when you are posting on RedCarpet.app, but also, when you just use the app even though you do not post (e.g. the type of device you are using, the IP address of your device, your geolocation).
Based on the data that you give us when you attend an event, we are able to activate Public Posts and Live Chat. Moreover, your interaction with the app will help us to personalize promotions for you from your favorite brands or brands and products that you might be interested in them.
What We Don’t Do
X We DO NOT SELL your personal data!
X We DO NOT PROCESS any ‘Special categories’ of personal data (sensitive personal data) relate to racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, data concerning health or data concerning a natural person's sex life or sexual orientation.
What Personal Data We Process
Basically, we process your personal data from two main sources that share your data with us: you and third parties (e.g. login with Google, Facebook, Twitter etc)
Personal Data You Actively Share With Us
In the RedCarpet.app app, there aren’t mandatory Personal Data that you have to give us, but if you want to get RedCarpet.app’s full experience, it’s better to share with us some data. For example:
When you want to post publicly you have to attend an event and we have to verify that you are at the event location, at the event time. Thus, sharing your location with us is essential.
When you provide some information about you (e.g. name, where you live, occupation), your friends will be able to find you easier.
Also, that will allow us to activate Live Chat for you.
Personal Data That You Share With Us When You Use RedCarpet.app
When you use RedCarpet.app, you automatically share with us certain data about which services and features you use and how you’ve used them, and we process these data. These data may include:
Usage data. Your interaction with the
Device data. When you use our services, your phone share
Camera and photos
Data collected by Cookies and other technologies
Your Personal Data Shared With Us by Third Parties
We know you have to many accounts and passwords to keep in mind and we don’t want to be another one. However, to access RedCarpet.app, we will ask you to authenticate using your Google or Facebook account. We rely on these third parties that manage your identity to know you are who you are saying you are.
Also, we might process your personal data provided by other users. For example, a member of your family or a friend upload a picture of you, or mention you on a post. If and when we process your data provided by these third party we will inform you.
The RedCarpet.app site is using cookies. Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site.
We use third party service provider(s), to assist us in better understanding the use of our Site. Our service provider(s) will place cookies on the hard drive of your computer and will receive information that we select that will educate us on such things as how visitors navigate around our site, what products are browsed, and general Transaction information. Our service provider(s) analyses this information and provides us with aggregate reports. The information and analysis provided by our service provider(s) will be used to assist us in better understanding our visitors' interests in our Site and how to better serve those interests. The information collected by our service provider(s) may be linked to and combined with information that we collect about you while you are using the Platform. Our service provider(s) is/are contractually restricted from using information they receive from our Site other than to assist us.
How We Use Personal Data
Your information will be used for the following purposes:
Complying with applicable regulations
We will process your Personal Data only for the purpose(s) for which it has been provided to us.
Providing operational information
Personalise your RedCarpet.app Services experience
Analyse RedCarpet.app website usage, and improve our website and website offerings.
Help us respond to your customer service requests and support needs.
Preventing and detecting crime
Carrying out research and statistical analysis
The data will not be used to make automated decisions.
Contact you about RedCarpet.app. The email address you provide may be used to communicate information and updates related to your use of the RedCarpet.app. We may also occasionally communicate company news, updates, promotions, and related information relating to similar products and services provided by RedCarpet.app.
Promoting our services. Administer a contest, promotion, survey or other site features as will be more explained on the website.
We do not perform behavioral tracking of a customer's activities on our Website or across different Websites, nor do we allow third-party data collection through our Service.
If you wish to stop receiving marketing communications from us, please contact us at dpo@RedCarpet.app.app to opt-out.
What Is Our Legal Basis for Processing Personal Data
We are processing your personal data because is necessary for:
Compliance with legal obligation such as AML - applicable regulation concerning anti money laundering and counter terrorism financing;
The performance of the contract with you;
In addition to the above cases, we are processing your personal data when you consented, in an unequivocally way. For example, we need your freely and express consent for promoting our services.
If you give your consent, you have the right to withdraw your consent at any time.
If you do not give us your consent on a specific case, we will not use your personal data for that specific case.
If you withdraw your consent or if you do not consent that will not affect your access to our services.
However, we do not need your consent when processing your personal data is necessary for compliance with legal obligation and for the performance of the contract with you.
Disclosing and Transferring Personal Data
We may disclose your Personal Data to third parties and legal and regulatory authorities, and transfer your Personal Data outside the EEA, as described below.
A. Disclosures to Third Parties
Non-personally identifiable visitor information may be provided to third parties for marketing, advertising, or other uses.
RedCarpet.app's third party service providers are contractually bound to protect and use such information only for the purposes for which it was disclosed, except as otherwise required or permitted by law. We ensure that such third parties will be bound by terms no less protective those described in this Data Protection Policy, or those we are subject to under applicable data protection laws.
B. Disclosures to Legal Authorities
We may share your Personal Data with law enforcement, data protection authorities, government officials, and other authorities when:
Compelled by subpoena, court order, or other legal procedure.
We believe that the disclosure is necessary to prevent physical harm or financial loss.
Disclosure is necessary to report suspected illegal activity.
However, if we have to reveal your personal data, but we will inform you when the personal data are first disclosed to the recipient.
C. International Transfer of Personal Data
We store and process your Personal Data in data centres around the world, wherever RedCarpet.app facilities or service providers are located. As such, we may transfer your Personal Data outside of the EEA. Such transfers are undertaken in accordance with our legal and regulatory obligations.
Occasionally, the RedCarpet.app website may provide references or links to other websites ("External Websites"). We do not control these External Websites third party sites or any of the content contained therein. You agree that we are in no way responsible or liable for External Websites referenced or linked from the RedCarpet.app website, including, but not limited to, website content, policies, failures, promotions, products, services or actions and/or any damages, losses, failures or problems caused by, related to, or arising from those sites.
External Websites have separate and independent privacy policies. We encourage you to review the policies, rules, terms, and regulations of each site that you visit. We seek to protect the integrity of our site and welcome any feedback about External Website information provided on the RedCarpet.app website.
Security of Personal Data
We use a variety of security measures to ensure the confidentiality of your Personal Data, and to protect your Personal Data from loss, theft, unauthorised access, misuse, alteration or destruction. These security measures include, but are not limited to:
Random created passwords protect accounts, directories, and databases.
Encrypted and processed on secure infrastructure
Secure Sockets Layer (SSL) technology to ensure that your information is fully encrypted and sent across the Internet securely.
PCI Scanning to actively protect our servers from hackers and other vulnerabilities.
A very limited number of trained personnel have access to sensitive data
All financially sensitive and/or credit information is transmitted via SSL technology and encrypted in our database. Only authorised RedCarpet.app personnel are permitted access to your Personal Data, and these personnel are required to treat the information as highly confidential. The security measures will be reviewed regularly in light of new and relevant legal and technical developments.
Retention of Personal Data
We retain Personal Data for as long as necessary to fulfil purposes described in this Data Protection Policy, subject to our own legal and regulatory obligations. In accordance with our record keeping obligations, we will retain Account info and other Personal Data for 7 years after an Account is closed.
Updates to this Data Protection Policy
This Data Protection Policy may be revised, modified, updated and/or supplemented at any time, without prior notice, at the sole discretion of RedCarpet.app. When we make changes to this Data Protection Policy, we will notify all users on our website, and make the amended Data Protection Policy available on our website.
Personal Data. Means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
How to Make a Complaint
If you are unhappy with the way in which your personal data has been processed you may in the first instance contact the Data Protection Officer (DPO) - email: firstname.lastname@example.org
If you remain dissatisfied then you have the right to apply directly to the Supervisory Authority for a decision, which can be contacted at:
Office of the Commissioner for Personal Data Protection
1 Iasonos St., 1082 Nicosia, P.O. Box 23378, CY-1682 Nicosia, Cyprus Tel: +357 22818456. http://www.dataprotection.gov.cy/
We would be glad to help
If you still have questions or comments about our Data Protection Policy, please, send us a message at email@example.com and we would be glad to help.
Thank you for being a valuable Customer
The Data Protection Team of
APPENDIX A - Glossary of Terms (Data Protection Definitions)
means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
Restriction of Processing
means the marking of stored personal data with the aim of limiting their processing in the future;
means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements;
means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person;
means any structured set of personal data which are accessible according to specific criteria, whether centralised, decentralised or dispersed on a functional or geographical basis;
means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing;
means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data;
Consent of The Data Subject
means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;
Personal Data Breach
means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed;
means personal data relating to the inherited or acquired genetic characteristics of a natural person which give unique information about the physiology or the health of that natural person and which result, in particular, from an analysis of a biological sample from the natural person in question;
means personal data resulting from specific technical processing relating to the physical, physiological or behavioural characteristics of a natural person, which allow or confirm the unique identification of that natural person, such as facial images or dactyloscopic data;
Data Concerning Health
means personal data related to the physical or mental health of a natural person, including the provision of health care services, which reveal information about his or her health status;
(a) as regards a controller with establishments in more than one Member State, the place of its central administration in the Union, unless the decisions on the purposes and means of the processing of personal data are taken in another establishment of the controller in the Union and the latter establishment has the power to have such decisions implemented, in which case the establishment having taken such decisions is to be considered to be the main establishment;
(b) as regards a processor with establishments in more than one Member State, the place of its central administration in the Union, or, if the processor has no central administration in the Union, the establishment of the processor in the Union where the main processing activities in the context of the activities of an establishment of the processor take place to the extent that the processor is subject to specific obligations under this Regulation;
means a natural or legal person established in the Union who, designated by the controller or processor in writing pursuant to Article 27, represents the controller or processor with regard to their respective obligations under this Regulation;
means a natural or legal person engaged in an economic activity, irrespective of its legal form, including partnerships or associations regularly engaged in an economic activity;
Group of Undertakings
means a controlling undertaking and its controlled undertakings;
Binding Corporate Rules
means personal data protection policies which are adhered to by a controller or processor established on the territory of a Member State for transfers or a set of transfers of personal data to a controller or processor in one or more third countries within a group of undertakings, or group of enterprises engaged in a joint economic activity;
means an independent public authority which is established by a Member State pursuant to Article 51;
Supervisory Authority Concerned
means a supervisory authority which is concerned by the processing of personal data because:
(a) the controller or processor is established on the territory of the Member State of that supervisory authority;
(b) data subjects residing in the Member State of that supervisory authority are substantially affected or likely to be substantially affected by the processing; or
(c) a complaint has been lodged with that supervisory authority;
(a) processing of personal data which takes place in the context of the activities of establishments in more than one Member State of a controller or processor in the Union where the controller or processor is established in more than one Member State; or
(b) processing of personal data which takes place in the context of the activities of a single establishment of a controller or processor in the Union but which substantially affects or is likely to substantially affect data subjects in more than one Member State.
Relevant and Reasoned Objection
means an objection to a draft decision as to whether there is an infringement of this Regulation, or whether envisaged action in relation to the controller or processor complies with this Regulation, which clearly demonstrates the significance of the risks posed by the draft decision as regards the fundamental rights and freedoms of data subjects and, where applicable, the free flow of personal data within the Union;
Information Society Service
means any Information Society service, that is to say, any service normally provided for remuneration, at a distance, by electronic means and at the individual request of a recipient of services. For the purposes of this definition:
(i) ‘at a distance’ means that the service is provided without the parties being simultaneously present;
(ii) ‘by electronic means’ means that the service is sent initially and received at its destination by means of electronic equipment for the processing (including digital compression) and storage of data, and entirely transmitted, conveyed and received by wire, by radio, by optical means or by other electromagnetic means;
(iii) ‘at the individual request of a recipient of services’ means that the service is provided through the transmission of data on individual request.
An indicative list of services not covered by this definition
1. Services not provided ‘at a distance’
Services provided in the physical presence of the provider and the recipient, even if they involve the use of electronic devices:
(a) medical examinations or treatment at a doctor's surgery using electronic equipment where the patient is physically present;
(b) consultation of an electronic catalogue in a shop with the customer on site;
(c) plane ticket reservation at a travel agency in the physical presence of the customer by means of a network of computers;
(d) electronic games made available in a video arcade where the customer is physically present.
2. Services not provided ‘by electronic means’
— services having material content even though provided via electronic devices:
(a) automatic cash or ticket dispensing machines (banknotes, rail tickets);
(b) access to road networks, car parks, etc., charging for use, even if there are electronic devices at the entrance/exit controlling access and/or ensuring correct payment is made,
— offline services: distribution of CD-ROMs or software on diskettes,
— services which are not provided via electronic processing/inventory systems:
(a) voice telephony services;
(b) telefax/telex services;
(c) services provided via voice telephony or fax;
(d) telephone/telefax consultation of a doctor;
(e) telephone/telefax consultation of a lawyer;
(f) telephone/telefax direct marketing.
3. Services not supplied ‘at the individual request of a recipient of services’
Services provided by transmitting data without individual demand for simultaneous reception by an unlimited number of individual receivers (point to multipoint transmission):
(a) television broadcasting services (including near-video on-demand services), covered by point (e) of Article 1(1) of Directive 2010/13/EU;
(b) radio broadcasting services;
(c) (televised) teletext.(as defined in point (b) of Article 1(1) of Directive (EU) 2015/1535 of the European Parliament and of the Council)
means an organisation and its subordinate bodies governed by public international law, or any other body which is set up by, or on the basis of, an agreement between two or more countries.