WorldBuddy Privacy Policy
Last updated: January 4th, 2024
This is the Privacy Policy of the WorldBuddy Travel Inc. websites and mobile applications, located at https://www.worldbuddy.ca/ and applicable country top level domains (including sub-domains associated with them), related software applications, data, SMS, APIs, email, chat and telephone correspondence, buttons, widgets and ads (collectively, all of these items shall be referred to herein as the “Services” or the “Service”; more generally, the WorldBuddy websites and applications shall hereinafter be referred to herein as “applications”). Our Service is offered to you conditioned upon your acceptance of this Privacy Policy. By accessing or using our Service, you expressly consent to our collection, use and disclosure of your personal information in accordance with this Privacy Policy. This Privacy Policy is subject to the WorldBuddy Terms of Use (together with any WorldBuddy rules, guidelines and policies referred to in the Terms of Use, the “Agreement”). Capitalized terms that are used and not defined in this Privacy Policy have the meanings given to them in the Terms of Use.
Please read this Privacy Policy carefully, as it describes the information that we collect from users of our Service (“Users”) as part of the normal operation of our applications, and how we use and disclose this information. If you do not accept this Privacy Policy, you are not authorized to use our applications or our Service. If you have a WorldBuddy account and wish to terminate this Agreement, you can do so at any time by closing your account in your account settings and no longer accessing or using the Service.
The terms “we”, “us”, “our” and “WorldBuddy” refer to WorldBuddy Travel Inc., a Prince Edward Island limited liability company located in Canada. “Services” and “Service” as defined above refers to those provided by WorldBuddy Travel Inc. or our corporate affiliates (together, “WorldBuddy”). The terms “you”, “yours” and words of similar meaning refer to the individual, company, business organization or other legal entity using the Services.
How We Use Your Information
We generally process your personal information when we need to do so to fulfill a contractual obligation, or where we or someone we work with needs to use your personal information for a reason related to their business (for example, to provide you with a part of our Service). European law calls these reasons “legitimate interests.” We only process personal information for these “legitimate interests” after considering the potential risks to your privacy—for example, by providing clear transparency into our privacy practices, offering you control over your personal information where appropriate, limiting the information we keep, limiting what we do with your information, who we send your information to, how long we keep your information, or the technical measures we use to protect your information. These legitimate interests are described in more detail below.
We use personal information in the file we maintain about you, and other information we obtain from your current and past activities on our Service, to provide to you the services offered by the applications; resolve service disputes; troubleshoot problems; measure consumer interest in our products and services, inform you about online and offline offers, products, services, events and updates, including by presenting advertising to you that is targeted to you based on profile information and information we collect from you during your use of the Service; deliver information to you that, in some cases, is relevant to your interests, such as product news; customize your experience; detect and protect us against error, fraud and other criminal activity; enforce our Terms of Use; provide you with system or administrative messages, and as otherwise described to you at the time of collection.
We may also use personal information about you to improve our marketing and promotional efforts, to analyze usage, to improve our content and product offerings, and to customize the applications’ content, layout, and services. These uses improve the Service and better tailor it to meet your needs, so as to provide you with a smooth, efficient, safe and customized experience while using our applications.
What Information Do We Collect?
Our primary purpose in collecting personal information from you is to provide you with a safe, smooth, efficient, and customized experience. This allows us to provide services and features that most likely meet your needs, and to customize our service to make your experience safer and easier. We only collect personal information about you that we consider necessary for achieving this purpose.
In general, you can browse our applications without telling us who you are or revealing any personal information about yourself. Once you become a registered User, we require you to provide various contact and identity information and other personal information as indicated on the relevant forms on the Service, and you are no longer anonymous to us. Where possible, on these forms we indicate which fields are required and which fields are optional. In addition, as you use the Service, you can from time to time enter or send to us personal information.
You always have the option to not provide information by choosing not to become a User or by not using the particular feature of the Service for which the information is being collected.
We also automatically track certain information about you based upon your behavior on our Service. We use this information to do internal research on our users’ demographics, interests, and behavior to better understand, protect and serve you and our community. This information may include the URL that you just came from (whether this URL is on our Service or not), which URL you next go to (whether this URL is on our Service or not), your computer browser information, your IP address and your location.
“Cookies” are small files placed on your device that assist us in providing our Services. We use cookies and similar technologies to allow you to enter your password less frequently during a session, and we use data collection devices (such as Google Analytics), including cookies and similar technologies, on certain pages or areas of our applications to help analyze our application page flow, measure promotional effectiveness, and promote trust and safety, to offer certain features that are only available through the use of a cookie and to allow us to provide information that is targeted to your interests.
Following your registration on the Service, you can review and change your information in your account area. If you disclose personal information on the Service and wish to have it removed, please contact us at the support contact information posted in the applications.
Our Disclosure of Your Information
We may sell or rent your personally identifiable information to third parties without your explicit consent except for persons in the European Economic Area (“EEA”), including those based in the United Kingdom. Please see section General Data Protection Regulation Privacy Statement (“GDPR Statement”) below for our further GDPR compliance and rulings with regards to WorldBuddy Travel Inc.. The following describes some of the ways that your information may be disclosed in the normal scope of business to provide our services:
Anonymized Aggregated Data. We aggregate and anonymize data and use and disclose such information for a variety of purposes. However, in these situations, we do not disclose any information that could be used to identify you personally.
Our Partners. Publicly accessible information that you provide to us, such as your name, likeness and the Content that you post in public areas of the Service, may be shared and/or made available to carefully selected third parties with whom we have a contractual relationship for the purpose of displaying this Content for their similar travel-related services, and for other commercial purposes related to the operation of our Service.
Public Areas of the Service. All of your activities in the public areas of the Service will be identifiable to your User ID, and other people can see your published Content.
Subsidiaries and Affiliates; Service Providers. We may from time to time use the services of affiliates, subsidiaries and unrelated service providers in the operation of the Service, and may disclose personal information to them in the course of our use of their services. For example, we may use the services of third-party hosting companies to host the operation of the Service. This may involve the hosting of data, including personal information, on servers operated by those hosting companies. We take care to use only service providers that we believe are reputable and able to live up to our and your expectations, including about the handling of confidential information.
Law and Harms. Notwithstanding anything to the contrary in this policy, we may preserve or disclose your information if we believe that it is reasonably necessary to comply with a law, regulation or legal request; to protect the safety of any person; to address fraud, security or technical issues; or to protect our or any other person’s rights or property. However, nothing in this Privacy Policy is intended to limit any legal defenses or objections that you may have to a third party’s, including a government’s, request to disclose your information.
Other Jurisdictions. We are a Canadian company, but we work with and process data about individuals across the world. To operate our business, we may send your personal information outside of your state, province, or country, including to the United States. This data may be subject to the laws of the countries where we send it. When we send your information across borders, we take steps to protect your information, and we try to only send your information to countries that have strong data protection laws.
If you are in Europe, the UK, or Switzerland, when we send your personal information to Canada it is protected under Canadian law, which the European Commission has found will adequately protect your information. If we then send this personal information outside of Canada (for example, when we send this information to our subprocessors), this information is protected by contractual commitments that are comparable to those provided in the EU General Data Protection Regulation’s Standard Contractual Clauses.
Certain Transactions. We may also disclose personal information to the acquiror/acquirer or other counterparty or its agents in the course of the sale or a financing of our business. If we do this, the disclosure will be subject to confidentiality arrangements customary in such transactions.
How Long Do We Keep Your Information?
In general, we keep the personal information that we collect about you as long as we need to in order to provide you the Service and to perform our related duties, and perform the tasks described above.
On termination of your WorldBuddy account, we will within a reasonable period of time delete your personal information from our servers and the Service, provided that any of your Content that is viewable on public areas of the Service may remain on the Service at our discretion, though we may remove any attribution of that Content to your deleted WorldBuddy account. In addition, due to our distributed implementation of our Service, artifacts of your private Content may remain on our systems for some time after you delete your WorldBuddy account. We will delete those artifacts in due course in accordance with our standard platform maintenance practices.
Security
We strive to protect your personal information. For security of transactions, we use the TLS and HTTPS protocols, which encrypt the authentication information you enter into the Service. The encryption process protects your authentication information, by scrambling it before it is sent to us from your computer. We also make commercially reasonable effort to ensure the security of your personal information on our system. Unfortunately, no data transmission over the Internet can be guaranteed to be 100% secure. As a result, while we strive to protect your personal information, we cannot warrant the security of any information you transmit to us.
Other Information Collectors
Except as otherwise expressly included in this Privacy Policy, this document only addresses the use and disclosure of information we collect from you. To the extent that you disclose your information to other parties through the Service, different rules may apply to their use, collection and disclosure of the personal information you disclose to them. Since we do not control the information use, collection or disclosure policies of third parties, you are subject to their privacy policies. We encourage you to ask questions before you disclose your personal information to others.
General Data Protection Regulation Privacy Statement (“GDPR Statement”)
This GDPR Statement applies to persons in the European Economic Area (“EEA”), including those based in the United Kingdom. This GDPR Statement supplements our Statement; however, where the Statement conflicts with the GDPR Statement, the GDPR Statement will prevail as to persons located in the EEA.
Information Rights Under GDPR
You have certain rights regarding your personal information.
Your rights with respect to your own personal information include the following:
-
The right to request access to your personal information. This enables you to receive a copy of the personal information we hold about you.
-
The right to request correction of your personal information if it is inaccurate. You may also supplement any incomplete personal information we have, taking into account the purposes of the processing.
-
The right to request deletion of your personal information if:
-
your personal information is no longer necessary for the purposes for which we collected or processed them; or
-
you withdraw your consent if the processing of your personal information is based on consent and no other legal ground exists; or
-
you object to the processing of your personal information and we do not have an overriding legitimate ground for processing; or
-
your personal information is unlawfully processed; or
-
your personal information must be deleted for compliance with a legal obligation.
-
-
The right to object to the processing of your personal information. We will comply with your request, unless we have a compelling overriding legitimate interest for processing or we need to continue processing your personal information to establish, exercise, or defend a legal claim.
-
The right to restrict the processing of personal information, if:
-
the accuracy of your personal information is contested by you, for the period in which we have to verify the accuracy of the personal information; or
-
the processing is unlawful, and you oppose the deletion of your personal information and request restriction; or
-
we no longer need your personal information for the purposes of processing, but your personal information is required by you for legal claims; or
-
you have objected to the processing for the period in which we have to verify overriding legitimate grounds.
-
-
The right to data portability. You may request that we send this personal information to a third party, where feasible. You only have this right if it relates to personal information you have provided to us where the processing is based on consent or necessity for the performance of a contract between you and us, and the processing is conducted by automated means.
-
You also have the right to lodge a complaint before your national data protection authority.
You will not usually have to pay a fee to access your personal information (or to exercise any of the other rights described in this Statement). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal information (or to exercise any of your other rights). To the extent you use a third party to submit a data request on your behalf, we may need to take reasonable steps to verify the authenticity of the request. These are security measures to ensure that personal information is not disclosed to any person who has no right to receive it. In an effort to speed up our response, we may also contact you to ask you for further information in relation to your request. You can exercise several of your rights through the personal information section of your account. To exercise your other rights you can file a request by clicking here.
Information Uses and Legal Basis
We will only use your personal information under the circumstances permitted by the law or you.
DETAILS OF OUR PRIVACY POLICY, DETAILED SECOND LEVEL INDEX
1. Purpose of the Privacy Policy
2. Definitions
3. Identity of the Data Controller
4. Applicable laws and regulations
5. Principles applicable to the processing of personal data
6. Security measures
7. Purposes of processing
8. Legitimation of the treatment
9. Recipients of your data
10. Data Processing Activities Carried Out
11. Personal data of minors
12. Origin and types of data processed
13. Rights of data subjects
14. Acceptance
1. OBJECTIVE OF THE POLICY
This “Privacy and Data Protection Policy” aims to make known the conditions governing the collection and processing of your data by WorldBuddy to ensure fundamental rights, honor and freedoms, all in compliance with current regulations that regulate the Protection of Personal Data according to the European Union.
Following these regulations, we need to have your authorization and consent for the collection and processing of your data, so below, we indicate all the details of your interest regarding how we carry out these processes, with what {nationalities, that other entities could have access to your data and what your rights are.
For all the above, once reviewed and read our Data Protection Policy, you must accept it as proof of your agreement and consent.
2. DEFINITIONS
“Personal data” means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identity or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
“Processing” means any operation or set of operations which is performed on personal data or sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
“Restriction of processing”’ means the marking of stored personal data to limit their processing in the future.
“Profiling” means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular, to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements.
“Pseudonymisation” means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
“Filing System” means any structured set of personal data which are accessible according to specific criteria, whether centralized, decentralized or dispersed on a functional or geographical basis.
“Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
“Processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
“Recipient” means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry by Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall comply with the applicable data protection rules according to the purposes of the processing.
“Third Party” means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data; ‘consent’ of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by clear affirmative action, signed agreement to the processing of personal data relating to him or her.
“Personal Data Breach” means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed.
“Genetic Data” means personal data relating to the inherited or acquired genetic characteristics of a natural person which give unique information about the physiology or the health of that natural person and which result, in particular, from an analysis of a biological sample from the natural person in question.
“Biometric Data” means personal data resulting from specific technical processing relating to the physical, physiological or behavioral characteristics of a natural person, which allow or confirm the unique identification of that natural person, such as facial images or dactyloscopy data.
“Data Concerning Health” means personal data related to the physical or mental health of a natural person, including the provision of health care services, which reveal information about his or her health status.
“Main Establishment” means:
1. As regards a controller with establishments in more than one Member State, the place of its central administration in the Union, unless the decisions on the purposes and means of the processing of personal data are taken in another establishment of the controller in the Union and the latter establishment has the power to have such decisions implemented, in which case the establishment had taken such decisions is to be considered to be the main establishment;
2. As regards a processor with establishments in more than one Member State, the place of its central administration in the Union, or, if the processor has no central administration in the Union, the establishment of the processor in the Union where the main processing activities in the context of the activities of an establishment of the processor take place to the extent that the processor is subject to specific obligations under this Regulation.
“Representative” means a natural or legal person established in the Union who, designated by the controller or processor in writing under Article 27, represents the controller or processor about their respective obligations under this Regulation.
“Enterprise” means a natural or legal person engaged in an economic activity, irrespective of its legal form, including partnerships or associations regularly engaged in an economic activity.
“Group of Undertakings” means a controlling undertaking and its controlled undertakings.
“Binding Corporate Rules” means personal data protection policies which are adhered to by a controller or processor established on the territory of a Member State for transfers or a set of transfers of personal data to a controller or processor in one or more third countries within a group of undertakings, or group of enterprises engaged in a joint economic activity.
“Supervisory Authority” means an independent public authority which is established by a Member State pursuant to Article 51.
“Supervisory Authority Concerned” means a supervisory authority which is concerned by the processing of personal data because:
1. the controller or processor is established on the territory of the Member State of that supervisory authority;
2. data subjects residing in the Member State of that supervisory authority are substantially affected or likely to be substantially affected by the processing; or
3. a complaint has been lodged with that supervisory authority.
“Cross-border Processing” means either:
1. processing of personal data which takes place in the context of the activities of establishments in more than one Member State of a controller or processor in the Union where the controller or processor is established in more than one Member State; or
2. processing of personal data which takes place in the context of the activities of a single establishment of a controller or processor in the Union but which substantially affects or is likely to substantially affect data subjects in more than one Member State.
“Relevant and Reasoned Objection” means an objection to a draft decision as to whether there is an infringement of this Regulation, or whether envisaged action in relation to the controller or processor complies with this Regulation, which clearly demonstrates the significance of the risks posed by the draft decision as regards the fundamental rights and freedoms of data subjects and, where applicable, the free flow of personal data within the Union.
“Information Society Service” means a service as defined in point (b) of Article 1(1) of Directive (EU) 2015/1535 of the European Parliament and of the Council (¹).
“International Organization” means an organization and its subordinate bodies governed by public international law, or any other body which is set up by, or on the basis of, an agreement between two or more countries.
3. IDENTITY OF THE DATA CONTROLLER
Who collects and processes your data?
The Data Controller is that natural or legal person, of a public or private nature, or administrative body, which alone or jointly with others determines the extent and means of the processing of personal data; in case the extent and means of the treatment are determined by the Law of the European Union.
In this case, our identification data as Data Controller are the following:
WorldBuddy Travel Inc. ID Number 14246225
How can you contact us?
Postal address and our offices: 81 Birkallum Drive C1B 0T8 Mermaid Prince Edward Island Canada
Registered office: 81 Birkallum Drive C1B 0T8 Mermaid Prince Edward Island Canada
Email: info@worlbuddy.ca- Phone: +1 7789601274
Who can help you with our Data Protection Policy?
We have a person or entity specialized in data protection, which is responsible for ensuring the correct compliance in our entity with current legislation and regulations. This person is called Data Protection Officer (DPO) and, if needed, can contact him as follows:
Auratech Legal Solutions SLP- CIF B87984621
Email: privacy@auratechlegal.es- Phone: +34 91 1134963
4. APPLICABLE LAWS AND REGULATIONS
This Privacy and Data Protection Policy is developed based on the following data protection regulations and laws:
● Regulation (EU) 2016/679 of the European Parliament and of the Council, of April 27, 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of these data. Hereinafter GDPR.
● Organic Law 3/2018, of December 5, on the Protection of Personal Data and Guarantee of Digital Rights. Hereinafter LOPD/GDD.
● Law 34/2002, of 11 July, on the Services of the Information Society and Electronic Commerce. Hereinafter LSSICE.
● UK General Data Protection Regulation (UK GDPR), tailored by the Data Protection Act 2018.
● Personal Information Protection and Electronic Documents Act 2000 (‘PIPEDA’)
5. PRINCIPLES APPLICABLE TO THE PROCESSING OF PERSONAL DATA
The personal data collected and processed through this website will be treated in accordance with the following principles:
Principle of legality, loyalty and transparency: All processing of personal data carried out through this Website will be lawful and loyal, being totally clear to the user when the personal data that concerns him is being collected, used, consulted or processed. Information regarding the treatments carried out will be transmitted in advance, easily accessible and easy to understand, in simple and clear language.
Principle of limitation of purpose: All data will be collected for specific, explicit and legitimate purposes, and will not be subsequently processed in a manner incompatible with the purposes for which they were collected.
Principle of data minimization: The data collected will be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
Principle of accuracy: The data will be accurate and, if necessary, updated, taking all reasonable measures to delete or rectify without delay personal data that is inaccurate with respect to the purposes for which they are processed.
Principle of limitation of the retention period: The data will be kept in such a way as to allow the identification of the interested parties for no longer than necessary for the purposes of processing personal data.
Principle of integrity and confidentiality: The data will be processed in a way that guarantees adequate security of personal data, including protection against unauthorized or illicit processing and against accidental loss or damage, through the application of appropriate technical and organizational measures.
Principle of proactive responsibility: The entity that owns the Website will be responsible for compliance with the principles set forth in this section and will be able to demonstrate it.
6. SECURITY MEASURES
What do we do to guarantee the privacy of your data?
WorldBuddy adopts the necessary organizational and technical measures to guarantee the security and privacy of your data, and prevent its alteration, loss, treatment or unauthorized access, depending on the state of technology, the nature of the stored data and the risks to which they are exposed.
Among others, the following measures stand out:
● Ensure the confidentiality, integrity, availability and permanent resilience of treatment systems and services.
● Restore availability and access to personal data quickly, in the event of a physical or technical incident.
● Verify, evaluate and evaluate, regularly, the effectiveness of the technical and organizational measures implemented to guarantee the safety of the treatment.
● Pseudonymize and encrypt personal data, in case it is sensitive data.
On the other hand, WorldBuddy manages information systems according to the following principles:
Principle of regulatory compliance: All information systems will comply with regulatory and sectoral legal regulations that affect information security, especially those related to the protection of personal data, system security, data, communications and electronic services.
Risk management principle: Risks will be minimized to acceptable levels and the balance between security controls and the nature of the information will be sought. Security objectives must be established, reviewed and consistent with the information security aspects.
Awareness and training principle: Training, awareness programs and awareness campaigns will be articulated for all users with access to information, in terms of information security.
Proportionality principle: The implementation of controls that mitigate asset security risks will be carried out seeking the balance between security measures, nature and information and risk.
Principle of responsibility: All members of the Data Controller will be responsible for their conduct regarding information security, complying with established rules and controls.
Principle of continuous improvement: The degree of effectiveness of the security controls implemented in the organization will be reviewed regularly to increase the ability to adapt to the constant evolution of risk and the technological environment.
7. PURPOSES OF THE TREATMENT
What do we want to process your data for?
We need your authorization and consent to collect and process your data, so below we detail the intended uses and purposes:
● Share your information with other users of the application: Share photos of your trips and places visited with other users.
● Advertiser management: Management and contact with users management of user uploads: Access to the camera and terminals to take pictures; Access to the geolocation of the terminals to manage the maps and places of the photographs; Access to the images of the mobile terminals to upload them to your prole at the request of the user; Process the images, maps and geolocation uploaded by users.
● Integral management of Data Protection: Fulfillment of RGPD obligations: Attending the requests of citizens in the exercise of the rights established by the General Data Protection Regulation; Management and evaluation of security breaches; Data protection and privacy of information.
● User management: Manage user accounts stored in secure cloud servers; Contact users themselves; Resolve app development errors.
● WorldBuddy application registration: Register in the application.
● WorldBuddy OAuth application registration: Register in the application.
How long do we keep your data?
We use your data for the time strictly necessary to fill the reasons indicated above. Unless there is an obligation or legal requirement, the expected storage periods are:
● Sharing your information with other users of the application: As long as the business relationship is maintained. The data is kept as long as the prole is active on the platform.
● Management of advertisers: For a period of 5 years from the last confirmation of interest. The personal data provided will be kept for the periods provided for by the commercial legislation regarding the prescription of responsibilities, as long as their deletion is not requested by the interested party and is appropriate, and as long as they are necessary – including the need to keep them for the applicable prescription periods – or relevant for the purpose for which they were collected or recorded.
● Management of user charges: As long as their deletion is not requested by the interested party.
● Integral Data Protection Management: Compliance with RGPD obligations: As long as their deletion is not requested by the data subject.
– Identifying: They are kept for the time necessary to fulfill the purpose for which they were collected and to determine the possible responsibilities that may arise from that purpose and the processing of the data.
– Personal: They are kept for the time necessary to fulfill the purpose for which they were collected and to determine the possible responsibilities that may derive from said purpose and from the processing of the data.
– Employment details: They are kept for the time necessary to fulfill the purpose for which they were collected and to determine any liabilities that may arise from that purpose and from the processing of the data.
● User management: As long as their deletion is not requested by the interested party. The personal data provided will be kept for the periods provided for by the commercial legislation regarding the prescription of responsibilities, as long as their deletion is not requested by the interested party and it is appropriate, and as long as they are necessary – including the need to keep them during the applicable prescription periods – or relevant for the purpose for which they were collected or registered.
● Registration in WorldBuddy application: As long as their deletion is not requested by the interested party. The data is processed until the user or subscriber cancels his account.
● Registration in WorldBuddy OAuth application: As long as the data subject does not request its deletion. The data is processed until the user or subscriber cancels his account.
8. LEGITIMATION OF TREATMENT
Why do we process your data?
The collection and processing of your data are always legitimated by one or more legal bases, which we detail below:
● Sharing your information with other users of the application
(Art. 6.1.a RGPD) Consent of the interested party.
● Management of advertisers Existence of a contractual relationship with the data subject by contract or pre-contract. GDPR: 6.1b) the processing is necessary for the performance of a contract. b) the processing is necessary for the performance of a contract to which the data subject is a party or for the implementation at the data subject’s request of pre-contractual measures; Management of user charges Explicit consent of the data subject (art. 6.1.b RGPD) Existence of a contractual relationship with the data subject by means of a contract or precontract.
● Integral Data Protection Management; Compliance with RGPD obligations.
(Art. 6.1.c RGPD) Compliance with legal obligations of the Data Controller.
RGPD and LOPDGDD. Compliance legal obligation: General Data Protection Regulation (RGPD) and Organic Law 3/2018, of December 5, on Personal Data Protection and guarantee of digital rights (LOPDYGDD). Legal obligation compliance: General Data Protection Regulation (GDPR) and Organic Law 3/2018, of December 5, 2018, on Personal Data Protection and guarantee of digital rights (LOPDYGDD).
● User management
Explicit consent of the data subject
RGPD: 6.1.a) Consent of the data subject. The legal basis for sending information relating to professional practice or professional interest and for the provision of voluntary services is the consent you provide, which you may withdraw at any time. Existence of a contractual relationship with the data subject by contract or pre-contract.
GDPR: 6.1b) the processing is necessary for the performance of a contract. b) the processing is necessary for the performance of a contract to which the data subject is a party or for the implementation at the request of the data subject of pre-contractual measures.
● Registration in WorldBuddy application
Explicit consent of the data subject
(Art. 6.1.b RGPD) Existence of a contractual relationship with the data subject by means of a contract or pre-contract.
● Registration in WorldBuddy OAuth application
(Art. 6.1.b GDPR) Existence of a contractual relationship with the data subject by contract or pre-contract.
9. RECIPIENTS OF YOUR DATA
To whom do we transfer your data within the European Union?
Sometimes, to comply with our legal obligations and our contractual commitment to you, we are faced with the obligation and need to transfer some of your data to certain categories of recipients, which we specify below:
Sharing your information with other users of the application: Information will be shared with other users of the application.
Management of advertisers: Tax Administration; Banks, savings banks and rural banks; Public administration with competence in the matter.
Management of user uploads: Data will be shared with other users of the application.
Integral management of Data Protection. Compliance with RGPD obligations: Public Administration with competence in the matter. In the case of notification of security breaches: Spanish Data Protection Agency.
Registration in WorldBuddy application: Tax Administration; Banks, savings banks and rural banks.
WorldBuddy OAuth application registration: Tax Administration. Your data is shared with Apple and Google.
10. DATA OF MINORS
Minors under 14 years of age may not use the services available through the Website without the prior authorization of their parents, guardians or legal representatives, who will be solely responsible for all acts carried out through the Website by the minors in their charge, including the completion of the telematic forms with the personal data of said minors and the marking, where appropriate, of the boxes that accompany them.
In compliance with the provisions of Article 8 of the GDPR and Article 7 of the LOPD/GDD, only those over 14 years of age may give their consent to the processing of their data lawfully by WorldBuddy
11. ORIGIN AND TYPES OF DATA PROCESSED
Where have we obtained your data from?
Sharing your information with other users of the application
Users of the App: The user himself or his legal representative. If the user decides to register with the OAuth modality their data will come from their Apple or Google accounts.
Advertiser management
Advertisers: The interested party or its legal representative.
Management of user uploads
App users: The user or his/her legal representative. If the user decides to register with the OAuth modality, his data will come from his Apple or Google accounts.
Integral management of Data Protection and compliance with RGPD obligations.
Employees: The data subject or his legal representative.
User management
App users: The data subject or his/her legal representative. If the user decides to register with the OAuth modality their data will come from their Apple or Google accounts.
WorldBuddy application registration
Users of the App: The interested party or their legal representative. If the user decides to register with the OAuth modality their data will come from their Apple or Google accounts.
WorldBuddy OAuth Application Registration
App users: The user or his/her legal representative. If the user decides to register with the OAuth modality their data will come from their Apple or Google accounts.
What types of data have we collected and processed?
Share your information with other App users
App users
Identification data (Name and Surname; Location of the photographs taken; Geolocation of the user; Access to the camera of the terminal to upload images to the app)
Personal characteristics (Photographs stored in the terminal)
Advertiser management
Identification data (Name and Surname; Mailing address; Email address; Telephone; NIF / NIE / Passport)
Credit information (Bank account number)
Advertisers Management of user uploads
App users
Identification data (Access to the terminal’s camera to upload images to the app; Location of the photographs taken; Geolocation of the user; Email address; Name and Surname)
Personal characteristics (Date of birth; Photographs stored in the terminal)
Other categories (Password)
Integral management of Data Protection, compliance with RGPD obligations.
Employees
Identification data (Name and Surname; Postal address; NIF / NIE / Passport; Email address; Fingerprint; Phone) Employment details (Jobs)
User Management
App users
Identification data (Email address; Name and Surname; Access to the terminal’s camera to upload images to the app; Location of the photographs taken; Geolocation of the user)
Personal characteristics (Date of birth)
Other categories (Password)
Registration in WorldBuddy application
App users
Identification data (Name and Surname; Postal address; NIF / NIE / Passport; Email address; Phone)
Economic, financial and insurance (Bank details)
Transactions of goods and services (Financial Transactions)
WorldBuddy OAuth Application Registration
App Users
Identifying information (Email address; First and Last Name)
Personal characteristics (Date of birth)
Other categories (Password)
12. RIGHTS OF THE INTERESTED PARTIES
What are your rights?
Current data protection regulations protect you in a series of rights about the use we give to your data. Every one of your rights is one person and non-transferable, that is, they can only be performed by the owner of the data, after verification of your identity.
Below, we indicate the rights of the interested parties:
Right of access: It is the right of the user of the Website to obtain confirmation of whether or not the Data Controller is processing his data and, if applicable, obtain information about his specific personal data and the treatment that the Data Controller has carried out or carries out, as well as, among others, of the available information about the origin of said data and the recipients of the communications made or provided for therein.
Right of rectification: It is the right that the user of the Website to have their data modified that turns out to be inaccurate or, taking into account the purposes of the treatment, incomplete.
Right of deletion: It is usually known as the “right to be forgotten”, and it is the right that the user of the Website has provided that current legislation does not establish otherwise, to obtain the deletion of his data when these are no longer necessary for the purposes for which they were collected or processed; the User has withdrawn his consent to the treatment and he does not have another legal basis; the User opposes the treatment and there is no other legitimate reason to continue with it; the personal data have been processed illicitly; the personal data have been the product of a director of information society services to a child under 14 years of age. In addition to deleting the data, the Data Controller, taking into account the available technology and the cost of its application, will take reasonable measures to inform other potential controllers who are processing the personal data of the data subject’s request for deletion of any link to that personal data.
Right to limitation of data: It is the right of the User of the Website to limit the processing of their data. The Website User has the right to obtain the limitation of processing when he challenges the accuracy of his data; the processing is illegal; the Data Controller no longer needs the personal data, but the User needs it to make claims; and when the Website User has objected to the treatment.
Right to data portability: In those cases where the processing is carried out by automated means, the Website User will have the right to receive his personal data from the Data Controller in a structured, commonly used and machine-readable format, and to transmit them to another controller. whenever technically possible, the Data Controller will transmit the data directly to the other Responsible.
Right to object: It is the User’s right not to carry out the processing of their personal data or to cease the processing of them by the Data Controller.
Right not to be subject to automated decisions and/or prolling: The right of the Website User not to be the subject of an individualized decision based solely on the automated processing of their personal data, including prolling, existing unless current legislation establishes otherwise.
Right to revoke consent: It is the right of the Website User to withdraw, at any time, the consent given for the processing of their data.
Right to file a data protection claim with the Control Authority: Spanish Data Protection Agency
The interested party can exercise any of the aforementioned rights by contacting the Data Controller and after identifying the User using the following contact information:
Responsible: WorldBuddy Travel Inc.
Address: 81 Birkallum Drive C1B 0T8 Mermaid Prince Edward Island
Phone: +1 7789601274
E-mail: info@worlbuddy.ca
Website: https://worldbuddy.ca/
You can also exercise your rights before the Data Protection Officer:
Email: privacy@auratechlegal.es – Phone: +34 91 1134963
How can you exercise your rights about your data?
For the exercise of your rights of access, rectification, deletion, limitation or opposition, portability and withdrawal of your consent, you can do so as follows:
Data Controller: WorldBuddy Travel Inc.
Address: 81 Birkallum Drive. C1B 0T8, Mermaid (Prince Edward Island), Canada
Phone Number: +1 7789601274
E-mail: info@worlbuddy.ca
Web Site: https://worldbuddy.ca/
How can you leave a claim?
In addition to your rights, if you believe that your data is not being collected or processed by current Data Protection regulations, you can claim with the Control Authority, whose contact details we indicate below:
Agencia Española de Protección de Datos
C/. Jorge Juan, 6. 28001, Madrid (Madrid), Spain
Email: info@aepd.es- Phone: 912663517
Web: https://www.aepd.es
13. ACCEPTANCE
Acceptance and making available to you this document indicates that you understand and accept all the clauses of our privacy policy so you authorize the collection and processing of your personal data in these terms. This acceptance is made by activating the “Reading and Acceptance” checkbox of our Privacy Policy. WorldBuddy reserves the right to modify this Privacy Policy, by its criteria, or motivated by a legislative, jurisprudential or doctrinal change of the Spanish Data Protection Agency. Changes or updates made to this Privacy Policy that affect the purposes, retention periods, data transfers to third parties, international data transfers, as well as any right of the Website User, will be explicitly communicated to the user.
Children’s Information
Another part of our priority is adding protection for children while using the internet. We encourage parents and guardians to observe, participate in, and/or monitor and guide their online activity.
WorldBuddy Travel Inc. along with any applications designed and made public by WorldBuddy Travel Inc. does not knowingly collect any Personal Identifiable Information from children under the age of 13. If you think that your child provided this kind of information on our website, we strongly encourage you to contact us immediately and we will do our best efforts to promptly remove such information from our records.
Information on Statement Changes
We may update this Statement in the future. If we believe any changes are material, we will let you know by doing one or more of the following: sending you a communication about the changes, placing a notice on the website and app, and/or posting an updated Statement on the website and app. We will note at the top of this Statement when it was most recently updated. We encourage you to check back from time to time to review the most current version and to periodically review this Statement for the latest information on our privacy practices.
Consent
By using our website or app, you hereby consent to our Privacy Policy and agree to its terms.
Questions?
We believe you should be able to access and control your personal information no matter where you live. Depending on how you use our Service, you may have the right to request access to, correct, amend, delete, port to another service provider, restrict, or object to certain uses of your personal information (for example, direct marketing). We will not charge you more or provide you with a different level of service if you exercise any of these rights.
It is our goal to make our privacy practices easy to understand. If you have questions, concerns or if you would like more detailed information, please contact us at:
WorldBuddy Travel Inc.
81 Birkallum Drive
Mermaid, PE, C1B 0T8, Canada
joinworldbuddy@gmail.com