Privacy Policy
RECENT CHANGES
We regularly review our policies to ensure we’re presenting important information to our Members in a clear and straightforward way that’s easy to understand. We periodically update our Privacy Policy and other policies like our Terms of Use and Community Guidelines as we introduce new services and features, respond to new laws around the world, and protect your privacy and rights.
Here are some highlights of what we’ve updated in our Privacy Policy:
We have recently updated our Privacy Policy to reflect our certification to the Data Privacy Framework (DPF), a set of privacy obligations designed to ensure that personal data transferred from the European Union, the UK and Switzerland to the United States receives an equivalent level of protection as it would under European, UK or Swiss law. Our participation in the Data Privacy Framework reflects our commitment to continue to meet high standards of data privacy and security, and ensuring your personal information is handled with care, transparency, and in compliance with the Data Privacy Framework principles.
For more information about the Data Privacy Framework principles and to view our certification, please visit the US Department of Commerce’s Data Privacy Framework website.
VERO Privacy Policy
Revised: December 16, 2024
Welcome to VERO, the online and mobile social networking service of VERO Labs, Inc. (“VERO,” “we,” or “us”).
VERO respects your privacy. It’s one of the core values of our social network.
The purpose of this privacy policy (“Privacy Policy”) is to help explain how we collect, use, protect, and disclose information and data when you use the VERO website (the “Site”) and any VERO mobile application (including the “VERO App”), application programming interfaces, and other services we offer (collectively the “Services”).
This Privacy Policy also explains your choices about the collection and use of your information, including opting out of certain uses of your Personal Information (defined below). This Privacy Policy applies to all users of the VERO Website and Services. In addition to the Privacy Policy, please also read our Terms of Use.
Your use of VERO Services is at all times subject to the Terms of Use and it’s where you can find any terms not directly defined in this Privacy Policy.
We have tried to make this Privacy Policy clear and easy to understand, and we recommend you read it carefully. If you have any questions about this policy, please get in touch with us at [email protected] and the team will be happy to help.
1) Managing Your Information Preferences
You may control your information in the following ways:
Modifying or Deleting Your Account Information. You can review, correct, update, or change your Personal Information through your account. If you have any questions about reviewing or modifying your account information, you can contact us directly at [email protected].
Email Communication Preferences. You may receive emails from us about the Services from time to time, such as emails about the status of your account or product updates. We will only send marketing emails if you have consented to us sending them to you. You may unsubscribe from such messages at any time. However, there are certain communications about the Services that we need to send you, like important updates to the Terms of Use or Privacy Policy. You may not opt out of these types of messages.
Push Notifications. You can stop receiving push notifications from us by changing your preferences in the iOS or Android notifications settings menu.
2) Information We Collect
Personal Information
“Personal Information" is any information about one of our users which could, alone or together with other information, personally identify them or otherwise be reasonably linked or connected with them. Information such as a username and password, an email address, a real name, an Internet protocol (IP) address, and a photograph are examples of “Personal Information.” We collect the following categories and types of Personal Information when you interact with us:
Contact Information you provide: your first and last name, phone number, email address, shipping address and billing address. We only collect your shipping and billing information if you choose to use our “Buy Now” feature or “Donate Now” feature; however, this information is passed to our payment processor, Stripe (who then shares it with the vendor or charitable organization you are buying from or donating to). We do not access or store your credit card information or shipping information. Stripe’s use of your personal information is governed by their privacy policy. To view Stripe’s privacy policy, please click here;
Other Identifiers: such as IP address and third-party social media handles (if you opt in to cross-posting to other social media services, post it on your VERO App account, or if you provide this information in support of your request to verify your VERO App account);
Identity Verification Information: If you choose to verify your VERO app account, we rely on an independent third-party identity verification provider, Yoti, that requires our users to provide their identity verification information on the provider’s own site or service. If you choose to verify your identity with our third-party identity verification provider, the provider’s processing of personal information, including biometric information, will be subject to the provider’s own terms and privacy policy (which will be presented to the customer during the verification process). To view Yoti’s privacy policy, please click here.
As part of the identity verification process, you may be asked to submit your name, phone number, email address, date of birth, government identification number and copies of government identification documents, along with a selfie image and/or video. The provider may use a combination of machine learning tools and optical scans to authenticate your identity document and conduct a “liveness” check, and may use facial recognition technology to produce a unique biometric identifier based on facial geometry that can be used to compare your selfie to the image on the identity document you provided to determine the likelihood that the images are a "match." In this circumstance, the provider may retain a copy of your selfie image, video, and/or government ID (as well as the biometric facial geometry extracted from the images) for the purposes and length of time described in that provider’s privacy policy, including for the purpose of streamlining future identity verification attempts using that provider’s identity verification platform. Please review the provider’s privacy policy closely to understand how your personal information, including biometric information, will be used, disclosed and retained by the identity verification provider.
VERO does not receive the biometric identifier generated from the images, however, for identity verification and security purposes, VERO will receive the results of the identity verification process, including the images of your ID and the results of the liveness check, as well as text extracted from the ID scan. We may use some or all of this information and associated information to verify your account.
Payment Information: credit card and debit card numbers (if you choose to use our “Buy Now” feature or “Donate Now” feature; however, please note that we use a third party payment processor, Stripe, to process this information. As such, we do not retain any personally identifiable financial information in connection with credit or debit card payments, such as credit card numbers.);
Information about your device (e.g. iPhone or Android phone model, device identifiers) so that we may send you push notifications (if you so choose);
Geolocation data (general geolocation data may be derived from your IP address; we may also collect your location data if you tag a post with a location);
Internet or other electronic activity (all anonymized and not used to identify you or your individual user behavior): your browsing and click history on the VERO App (e.g. likes, clicks on posts), including information about how you navigate the VERO App and which elements of the VERO App you use the most; and
Visual, audio, and text information: photos and videos that you post on the VERO App and any text content you’ve posted such as comments to a post, captions to your photos and videos, or chat messages exchanged through the VERO App. We “collect” this in order to store it to be shown on the VERO App to those you are sharing it with but we do not use this content for any other purpose.
You may be asked to provide us with Personal Information when you register with or use the VERO Website, the VERO App, or any of our other Services, and at other times.
In addition, we collect the following information for security purposes. We make use of security tools such as anti-fraud / hacking detection and code decompile detectors in our app that are designed to further protect your data and require us to collect the following information:
device identifiers, operating system and log data (e.g., the date/time of visit, the time spent on our Services, the electronic path taken to our Services, through our Services and when exiting our Services, and any errors that may occur during the visit to our Services); and
IP address; and
and general geographic location based on IP address or device location.
This data is used for security purposes in using tools to guard against bad actors like frauds and hackers and their malicious code / bots and not for any other purpose.
If you report a problem with the VERO App to us, we may also ask you to send log data to us to enable us to diagnose and fix that problem.
Usage Info: If you opt into this feature, we also automatically collect how much time you are spending in the app (“Usage Info”), which powers the “Usage Info” feature on the VERO App. If you choose to enable it, this feature shows your time spent on the VERO App broken out by days and times to better inform you of how you use the VERO App – no other user can access this information. This information is only stored on your device, your iCloud account (if on iOS), and anonymized and encrypted on our servers.
Categories of Use
We use your Personal Information for the following purposes:
Transactional Purposes: We use your contact information, payment information, and other identifying information you have given us to:
To open your account;
To allow you to find others and have others find you on the VERO App;
To facilitate transactions if you buy a product through our “Buy Now” feature or donate to a charity through our “Donate Now” feature; and/or
To enable you to share content with others on the VERO App (you can control the audience for each post and communication)
Analytical Purposes: We use your anonymized internet or other electronic activity and geolocation data on the VERO App to analyze preferences, trends, and statistics to better improve the VERO App and our Services for our users and promote our Services.
Marketing Purposes: We may use your contact information and internet or other electronic activity to inform you of our new products, services, opportunities and offers. You may opt out of these messages at any time in the message itself or on the VERO App.
Maintenance and Improvement of Site and Services: We use your contact information and internet or other electronic activity to:
To provide and maintain functionality of the VERO Website, the VERO App, and our other Services;
To improve the VERO Website, the VERO App, and our other Services and better serve our users;
To handle your customer services requests, including directing your questions to appropriate team members, investigate, and address any of your concerns, and improve and monitor our customer support responses; and
To help us diagnose technical and service problems and administer the VERO Website, the VERO App, and our other Services.
Security and Fraud Prevention: We may use your contact information, audio and visual information, other identifying information and internet or other electronic activity to protect the VERO Website, the VERO App, and our other Services, our company and others, and for fraud detection, theft prevention, emergency response purposes, and legal compliance.
Sources of Personal Information
We collect information from the following sources:
We collect information directly from you. We collect contact and certain identifying information directly from you when you register for an account on the VERO App. Also, if you choose to cross-reference your contact list on your device with the list of users on the VERO App, your contacts’ phone numbers (though not their names) may be used and stored to allow you to: invite your contacts to the VERO App, connect with those who are also already on the VERO App, or provide you with updates if and when your contacts join the VERO App.
We collect information from your activity on the Services. We automatically collect information regarding the actions you take on the VERO App and Site (“Analytics Data”), which we use for our own analytical purposes to improve the VERO App and our other Services. All Analytics Data collected from the App is anonymized and aggregated. We do not share Analytics Data from the App with any third parties other than our Service Provider which provides us the analytics platform. Analytics Data collected from certain portions of the VERO Website may be used for advertising purposes. Please see below and the “Third-Party Data Collection and Online Advertising” sections of our Privacy Policy for more information.
Advertising and referrals. We do not display advertising on the VERO website or app, but we may collect certain identifying information (e.g. device ID, or IP address) and Internet or other electronic activity on certain portions of the VERO website passively using tools like browser cookies, SDKs, and other similar technologies through Service Providers for referral tracking. For example, if you click on one of our ads for the VERO App on another website, we may track that action and market the VERO App to you through another ad. We may also use this information for our own analytics purposes to improve the VERO app and our other Services. This activity is further described in the “Cookies and Anonymous Identifiers and “Third-Party Data Collection and Online Advertising” sections below.
3) When We Share Information with Third Parties
Our Service Providers
From time to time, we may engage other businesses whom we believe trustworthy and who have confirmed that their privacy practices are consistent with ours (“Service Providers”). For example, we may engage Service Providers to provide certain services, such as hosting and maintenance, data storage and management, payment processing, data enhancement services, fraud prevention, and marketing and promotions. We only provide our Service Providers with the information necessary for them to perform these services on our behalf. Each Service Provider must agree to use reasonable security procedures and practices, appropriate to the nature of the information involved, in order to protect your Personal Information from unauthorized access, use, or disclosure. Service Providers are prohibited from using Personal Information other than as specified by us.
Our Affiliates
We may share Personal Information and Usage Data (again, anonymized) with businesses controlling, controlled by, or under common control with VERO. If VERO is merged, acquired, or sold, or in the event of a transfer of some or all of our assets, we may disclose or transfer Personal Information and Usage Data in connection with such transaction. You will have the opportunity to opt out of any such transfer if, in our discretion, it will result in the handling of your Personal Information in a way that differs materially from this Privacy Policy.
Law Enforcement and Courts
We cooperate with government and law enforcement officials and private parties (for example, in connection with providing information relevant to a pending lawsuit or investigation) to enforce and comply with the law. We may disclose Personal Information and any other information about you to government or law enforcement officials or private parties if, in our discretion, we believe it is necessary or appropriate in order to respond to legal requests (including court orders and subpoenas), to protect the safety, property, or rights of our company or of any third-party, to prevent or stop any illegal, unethical, or legally actionable activity, or to comply with the law.
Ad Networks and Advertising Partners
We work with third-party ad networks and advertising partners to deliver advertising and personalized content promoting the VERO app on other websites and services. These parties may collect information directly from a browser or device when an individual visits our Website through cookies or other data collection technologies. This information is used to provide and inform targeted advertising, as well as to provide advertising-related services such as reporting, attribution, analytics and market research. For more information, please see the “Third-Party Data Collection and Online Advertising” section.
Cookies and Anonymous Identifiers
We may use cookies and similar technologies to store anonymous identifiers (a random string of characters) and other user information on your device to remember your settings and temporarily (until the data is removed from your device or the cookie runs out) identify you. We may also use this to collect Usage Data to analyze use of and improve the VERO Website, the VERO App, and our other Services. Most web browsers are initially set up to accept cookies. You can reset your web browser to refuse all cookies or to indicate when a cookie is being sent, however, certain features of the Services may not work if you delete or disable cookies. Some of our Service Providers may use their own cookies, anonymous identifiers, or other tracking technology only in connection with the services they perform on our behalf to keep the Services functioning.
4) Personal Information You Make Available to Others
By using the VERO Website or the Services you may make certain of your Personal Information available to others. For example, when you post a comment or a photo on the VERO App other users may see your name, content, and other information that you choose to make available to them. Any information or content that you voluntarily disclose for posting to the VERO App becomes available to the public, as controlled by any applicable privacy settings.
You can change your privacy settings directly in the VERO App at any time by going to your profile setting. Subject to your profile and privacy settings, any user content that you make public is searchable by other users, including on the VERO Website. If you remove information that you posted to the VERO App, copies may remain viewable in cached and archived pages of the VERO App, or if other users have copied or saved that information.
In addition, we may share certain information about you, such as IP address, with your consent or direction. For example, if you search for an image using Bing, your search terms and IP address may be shared with Microsoft Corporation. In some instances, such as with your use of Bing, these third parties’ privacy practices are governed by their respective privacy policies. Bing’s privacy policy is available at https://privacy.microsoft.com/en-us/privacystatement.
5) Inviting a contact to use VERO from the “Add Contacts” feature; Sharing your Contact Information; Finding contacts on VERO
We provide three features in the VERO App for you to expand your network on VERO: “Invite Friends,” “Add Contacts,” and in-app discovery.
Our “Invite Friends” enables you to invite others onto the VERO App. You can also find people you know on the VERO App through our “Add Contacts” feature or by searching names and usernames on the VERO App. “Add Contacts” allows you to find contacts either through the contact list on your mobile device or through a search of names and usernames on the VERO App. When you register for an account you have the option to notify other VERO Users in your contact list that you have joined the Service.
If you choose to use any of these features, you will be asked to grant us permission to access and collect only the phone numbers from your contact list on your mobile device and such information. Note that we do not collect the names or any other information associated with these phone numbers. You may turn off this access at any time in your profile settings so that we no longer can access your contact list.
Additionally regarding the “Invite Friends” feature, you understand that you are directly sending a text or email from your own phone or e-mail accounts. In addition, you understand and agree that normal carrier charges apply to communications sent from your phone. Since this invitation is coming directly from your email or phone, we do not have access to or control this communication.
If you choose to add your contacts through a search of names or usernames, then simply type a name to search and see if that name or username appears on the VERO App.
Similarly, when other VERO App users use the “Add Contacts” feature on the VERO App, we will identify you as a VERO App user to that user if your contact information is already in their contact list.
6) Third-Party Data Collection and Online Advertising
We do not display third party advertising on the VERO Website, the VERO App, or our other Services. We may, however, allow third-party companies to collect certain information for advertising purposes on certain portions of the VERO Website, or when you interact with ads for our products and services on third party sites (such as by clicking on the ad or downloading our app), in the contexts described further below.
Specifically, we permit third party online advertising networks, social media companies and other third-party services, to collect information about your use of the VERO Website over time so that they may play or display ads for our products and services on other websites or services you may use, and on other devices you may use. Typically, though not always, the information used for interest-based advertising is collected through tracking technologies, such as cookies, web beacons, embedded scripts, location-identifying technologies, and similar technology, which recognize the device you are using and collect information, including click stream information, browser type, time and date you visited the VERO Websites, AdID, and other similar information. If permitted by your device settings, they may also collect location data through GPS, Wi-Fi or other methods. We and our third-party partners use this information to make the advertisements you see online more relevant to your interests, as well as to provide advertising-related services such as reporting, attribution, analytics and market research. We may also use services provided by third parties (such as social media platforms) to serve targeted ads to you and others on such platforms.
We may engage in the following:
Social Media Platforms. We may display targeted advertising to you through social media platforms, such as Facebook, Twitter, Instagram, Pinterest, and other social media forums. These companies have interest-based advertising programs that allow us to direct advertisements to users who have shown interest in our services while those users are on the social media platform, or to groups of other users who share similar traits, such as likely commercial interests and demographics. They may collect information from our website visitors through a first-party pixel, in order to direct targeted advertising to you or to a custom audience on the social media platform. These advertisements are governed by the privacy policies of those social media companies that provide them. If you do not want to receive targeted ads on your social networks, you may be able to adjust your advertising preferences through your settings on those networks.
Third Party Partners. We work with certain third-party partners to provide advertising-related services, including on specific portions of the VERO Website. We do this to promote VERO on third party websites. For example, we use Google Analytics to recognize you and link the devices you use when you visit specific portions of the VERO Website on your browser or mobile device or otherwise engage with us. We share a unique identifier with Google to facilitate the service. Google Analytics allows us to better understand how our users interact with our Services and to tailor our advertisements and content to you. For information on how Google Analytics collects and processes data, as well as how you can control information sent to Google, review Google's website, “How Google uses data when you use our partners’ sites or apps” located at http://www.google.com/policies/privacy/partners/. You can learn about Google Analytics’ currently available opt-outs, including the Google Analytics Browser Ad-On here: https://tools.google.com/dlpage/gaoptout/.
We may also utilize certain forms of display advertising and other advanced features through Google Analytics to advertise our Services to you on third party websites. These features enable us to use first-party cookies (such as the Google Analytics cookie) and third-party cookies (such as the Google Ads advertising cookie) or other third-party cookies together to inform, optimize, and display ads based on your past visits to the Services. You may control your advertising preferences or opt-out of certain Google advertising products by visiting the Google Ads Preferences Manager, currently available at https://google.com/ads/preferences, or by visiting NAI’s online resources at http://www.networkadvertising.org/choices.
To learn more about interest-based advertising and how you may be able to opt-out of some of this advertising, you may wish to visit the Digital Advertising Alliance’s (DAA) resources and/or the Network Advertising Initiative’s (NAI) online resources, at http://www.aboutads.info/choices or http://www.networkadvertising.org/choices/. You may also be able to limit interest-based advertising through the settings menu on your mobile device by selecting “limit ad tracking” (iOS) or “opt-out of interest-based ads” (Android). You may also be able to opt-out of some — but not all — interest-based advertising served by mobile ad networks by visiting http://youradchoices.com/appchoices and downloading the mobile AppChoices app.
Please note that when you opt out of receiving interest-based advertisements, this does not mean you will no longer see advertisements from us. It means that the online ads that you do see from DAA program participants should not be based on your interests. We are not responsible for the effectiveness of, or compliance with, any third-parties’ opt-out options or programs or the accuracy of their statements regarding their programs. In addition, third parties may still use cookies to collect information about your use of our online services, including for analytics and fraud prevention as well as any other purpose permitted under the DAA’s Principles.
7) Security
We maintain physical, electronic, and procedural safeguards to protect the confidentiality and security of information transmitted to us. However, no data transmission over the Internet or other network can be guaranteed to be 100% secure. As a result, while we strive to protect information transmitted on or through the VERO Website or Services, we cannot and do not guarantee the security of any information you transmit on or through the VERO Website or Services, and you do so at your own risk.
8) Links
Our Site and Services may contain links to other websites or services or allow others to send you such links. A link to a third-party’s website or service does not mean that we endorse it or that we are affiliated with it. We do not exercise control over third-party websites or services. You access such third-party websites or services, or the content on them, at your own risk. You should always read the privacy policy of a third-party website or service before providing any information to that website or service.
9) Children’s Privacy
The VERO Website, the VERO App, and our other Services are intended for users who are 13 years old or older. We do not knowingly collect Personal Information from children under the age of 13. If we become aware that we have inadvertently received Personal Information from a child under the age of 13 without verification of parental consent, we will delete such information from our records. California users under the age of 18 may request the removal of their content or information publicly posted on the Vero Website or Services by emailing us at [email protected].
10) Location of Processing
Please be aware that your Personal Information and communications may be transferred to and maintained on servers or databases located outside your state, province, or country. We store and process the information that we collect in the United States in accordance with this Privacy Policy though our Service Providers may store and process data outside the United States. The laws in the United States may not be as protective of your privacy as those in your location. By using the VERO Website or Services, you agree that the collection, use, transfer, and disclosure of your Personal Information and communications will be governed by the applicable laws in the United States. If you are located in the EU, UK or Switzerland, please see the “Additional EU, UK and Switzerland Privacy Disclosures” for additional information about how your personal information may be transferred internationally.
11) EU, UK and Switzerland Residents
If you are located in EU, UK, or Switzerland, please see the “Additional EU, UK and Switzerland Privacy Disclosures” for additional EU, UK and Switzerland-specific privacy disclosures.
Important Notice for Individuals of the European Economic Area, United Kingdom, and Switzerland
VERO complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF), as set forth by the U.S. Department of Commerce. VERO has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal information received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. VERO has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal information received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.
VERO is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC).
Complaints per the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF
In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF Principles, VERO commits to resolve complaints about your privacy and our collection or use of your personal information transferred to the United States pursuant to the DPF Principles. European Union, UK, or Swiss individuals with inquiries or complaints regarding this notice should first contact VERO at [email protected].
VERO has committed to refer unresolved privacy complaints under the Data Privacy Framework Principles to an independent dispute resolution mechanism, the JAMS dispute resolution mechanism. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit JAMS for more information and to file a complaint. This service is provided free of charge to you.
If your DPF complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See DPF Annex 1 at https://www.dataprivacyframework.gov/s/article/ANNEX-I-introduction-dpf?tabset-35584=2.
Onward Transfer to Third Parties
In the event that we disclose your personal information to third parties to perform certain business-related services on our behalf as our “agents” (as such term is utilized under the Data Privacy Framework), we will do so only for limited and specified purposes consistent with any notice provided to you or your choices regarding processing and disclosure. These companies perform services at our instruction and pursuant to contracts which require they provide at least the same level of privacy protection as is required under the Data Privacy Framework and notify us if they are no longer able to provide such protections, at which point we will take reasonable remedial steps. We may also disclose personal information to our affiliates in order to support marketing, sale, and delivery of any services, or other business operations as disclosed in this Privacy Policy.
VERO’s accountability for personal information that it receives under the DPF and subsequently transfers to a third party is described in the DPF Principles. In particular, VERO remains responsible and liable under the DPF Principles if third-party agents that it engages to process the personal information on its behalf do so in a manner inconsistent with the Principles, unless VERO proves that it is not responsible for the event giving rise to the damage.
In certain situations, we may be required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
Option to Limit Certain Onward Transfers to Third Parties
Individuals have the opportunity to opt-out of sharing of their personal information with third parties other than our agents or before we use it for a purpose other than which it was originally collected or subsequently authorized. To limit the use and disclosure of your personal information under the Data Privacy Framework, please submit a written request to [email protected] indicating as such.
We will not disclose your sensitive personal information to any third party without first obtaining your opt-in consent.
In each instance, please allow us a reasonable time to process your response.
Your DPF Rights
Upon request to [email protected], we will confirm whether we are processing your personal information pursuant to the DPF and provide you with the data within a reasonable time. You also have the right to correct, amend, or delete the personal information processed pursuant to the DPF where it is inaccurate or has been processed in violation of our privacy disclosures to you, except where the burden or expense of providing access would be disproportionate to the risks to the individual’s privacy in the case in question, or where the rights of persons other than the individual would be violated. We may require payment of a non-excessive fee to defray our expenses in this regard. Please allow us a reasonable time to respond to your inquiries and requests.
Personal Information Retention
We will retain the personal information processed pursuant to the DPF in a form that identifies you pursuant to our retention policy described above. We may continue processing such personal information for longer periods, but only for the time and to the extent such processing reasonably serves the purposes of archiving in the public interest, journalism, literature and art, scientific or historical research and statistical analysis, and subject to the protection of our privacy disclosures. After such time periods have expired, we may either delete your personal information or retain it in a form such that it does not identify you personally.
How We Protect Your Data
We will implement reasonable and appropriate security measures to protect your personal information from loss, misuse and unauthorized access, disclosure, alteration and destruction, taking into account the risks involved in processing and the nature of such data.
12) How Long Does VERO Keep Information About Me
Following termination or deactivation of your account, we may retain your profile information and user content for a commercially reasonable amount of time for backup, archival, or audit purposes, but in no event for longer than is allowed under applicable data protection laws. For individuals based in the EU, UK or Switzerland please see the “Additional EU, UK and Switzerland Privacy Disclosures”.
13) U.S. State Privacy Rights
If you are a resident of the States of California, Colorado, Connecticut, Nevada, Utah and Virginia, you have additional rights regarding your Personal Information. Please see the “Additional U.S. State Privacy Disclosures” below for additional information.
14) Privacy Policy Changes
We may change this Privacy Policy from time to time. If we decide to change this Privacy Policy, we will inform you by posting the revised Privacy Policy on the VERO Website. Those changes will go into effect on the “Revised” date shown in the revised Privacy Policy. By continuing to use the VERO Website or Services, you are consenting to the revised Privacy Policy.
15) Contact Us
If you have any questions about this Privacy Policy or the Services, please contact us at any time at [email protected].
ADDITIONAL U.S. STATE PRIVACY DISCLOSURES
For Nevada Residents: If you are a resident of the State of Nevada, Chapter 603A of the Nevada Revised Statutes permits a Nevada resident to opt out of future sales of certain covered information that a website operator has collected or will collect about the resident. Although we do not sell covered information, please contact us at [email protected] with the subject line “Nevada Opt Out Request” to submit such a request.
For residents of the States of California, Colorado, Connecticut, Utah and Virginia: These Additional U.S. State Privacy Disclosures (“U.S. Disclosures”) supplement the information contained in our Privacy Policy by providing additional information about our personal information processing practices relating to individual residents of these States. For a detailed description of how we collect, use, disclose, and otherwise process personal information in connection with our services, please visit our Privacy Policy. Unless otherwise expressly stated, all terms defined in our Privacy Policy retain the same meaning in these U.S. Disclosures.
For the purposes of these U.S. Disclosures, personal information does not include publicly available information or deidentified, aggregated or anonymized information that is maintained in a form that is not capable of being associated with or linked to you.
Collection and Use of Personal Information
We collect personal information from and about individuals for a variety of purposes. To learn more about the types of personal information we collect, the sources from which we collect or receive personal information, and the purposes for which we use this information please refer to the “Information We Collect” section of our Privacy Policy. We do not use personal information for profiling in furtherance of decisions that produce legal or similarly significant effects concerning a consumer.
Sales and Sharing for Targeted Advertising
We do not “sell” personal information as most people would typically understand that term. However, on certain portions of the VERO Website, we do allow certain third-party partners and providers to collect information about consumers directly through our services for purposes of analyzing and optimizing our services, displaying ads on third party sites, providing content and ads that are more relevant, measuring statistics and the success of ad campaigns, and detecting and reporting fraud. This practice may be interpreted to constitute a “sale” under the U.S. state privacy laws, or may constitute the “sharing” or processing of your personal information for cross-context behavioral advertising purposes. Unless you have exercised your right to opt-out, we may disclose or “sell” your personal information, or “share” your personal information with third parties for cross-context behavioral advertising purposes. The third parties to whom we “sell” or “share” personal information may use such information for their own purposes in accordance with their own privacy policies.
We have “sold” or “shared” the following categories of personal information for the purposes described in our Privacy Policy, subject to your settings and preferences and your Right to Opt-Out: Identifiers, Commercial Information, and Internet/Network Information.
The categories of third parties to whom we may sell or share the personal information include:
Online Advertising Networks and Analytics Providers
Social Networks
We may also disclose personal information for the purposes described in the “When We Share Information with Third Parties” section of our Privacy Policy.
Data Retention
We will usually store the personal information we collect about you for no longer than necessary to fulfil the purposes for which it was collected, and in accordance with our legitimate business interests and applicable law. However, if necessary, we may retain personal information for longer periods of time, until set retention periods and deadlines expire, for instance where we are required to do so in accordance with legal, tax and accounting requirements set by a legislature, regulator or other government authority.
To determine the appropriate duration of the retention of personal information, we consider the amount, nature and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of personal information and if we can attain our objectives by other means, as well as our legal, regulatory, tax, accounting and other applicable obligations.
When an individual discontinues the use of our services, we will retain their personal information for as long as necessary to comply with our legal obligations, to resolve disputes and defend claims, as well as, for any additional purpose based on the choices they have made, such as to receive marketing communications. In particular, we will retain personal information supplied when joining our services, including complaints, claims and any other personal information supplied during the duration of an individual’s contract with us for the services until the statutory limitation periods have expired, when this is necessary for the establishment, exercise or defense of legal claims.
In all cases, in addition to the purposes and legal bases, we consider the amount, nature and sensitivity of the personal information, as well as the potential risk of harm from unauthorized use or disclosure of your personal information.
Once retention of the personal information is no longer necessary for the purposes outlined above, we will either delete or deidentify the personal information or, if this is not possible (for example, because personal information has been stored in backup archives), then we will securely store the personal information and isolate it from further processing until deletion or deidentification is possible.
Sensitive Information
The following personal information elements we collect may be classified as “sensitive” under certain privacy laws (“sensitive information”):
Government identification number: If you ask us to verify your account, your driver’s license, state identification card, or passport number will be collected by our third-party identity verification provider to process your account verification application.
Biometric information: If you choose to verify your account, your biometric information will also be collected and processed by our third-party identity verification provider.
Debit/credit card number: If you make a purchase or a donation via VERO’s “Buy Now” or “Donate Now” features, your Credit/debit card number plus expiration date and security code (CVV) will be collected by Stripe;
Username and password; and
Precise geolocation data: If you choose to include your location information with your post, we will collect this location information connected to your post in order to provide you with this Service.
We also store the contents of your comments and chat communications with other users of the app on our servers to provide the Services. We may also obtain certain analytics information about how you interact with the platform in aggregate or anonymized form.
We only use or disclose sensitive personal information for the following purposes, where such use or disclosure is necessary and proportionate for those purposes: for performing services you have requested, for detecting security incidents, fraud and other illegal actions, to ensure the physical safety of natural persons, or to perform services on behalf of the business. We do not sell sensitive information, and we do not process or otherwise share sensitive information for the purpose of targeted advertising. However, depending on your state of residency and subject to certain legal limitations and exceptions, you may be able to withdraw your consent for our processing of sensitive information (as described in the “Your Privacy Choices” section below).
Deidentified Information
We may at times receive, or process personal information to create, deidentified information that can no longer reasonably be used to infer information about, or otherwise be linked to, a particular individual or household. Where we maintain deidentified information, we will maintain and use the information in deidentified form and not attempt to reidentify the information except as required or permitted by law.
Your Privacy Choices
Depending on your state of residency, you may be able to exercise the following rights in relation to the personal information about you that we have collected (subject to certain limitations at law):
The Right to Know. The right to confirm whether we are processing personal information about you and, under California law only, to obtain certain personalized details about the personal information we have collected about you, including:
The categories of personal information collected;
The categories of sources of the personal information;
The categories of personal information disclosed to third parties (if any), and the categories of recipients to whom the personal information were disclosed;
The categories of personal information shared for cross-context behavioral advertising purposes (if any), and the categories of recipients to whom the personal information were disclosed for those purposes; and
The categories of personal information sold (if any), and the categories of third parties to whom the personal information were sold.
The business or commercial purposes for collecting, or, if applicable, selling or sharing the personal information.
The Right to Access and Portability. The right to obtain access to the personal information we have collected about you and, where required by law, the right to obtain a copy of the personal information in a portable and, to the extent technically feasible, readily usable format that allows you to transmit the data to another entity without hindrance.
The Right to Request Deletion. You have the right to request the deletion of personal information that we have collected from you, subject to certain exceptions.
The Right to Correction. You have the right to request that any inaccuracies in your personal information be corrected, taking into account the nature of the personal information and the purposes of the processing of your personal information.
The Right to Withdraw Consent. If you have provided consent for the processing of your personal information, you may have the right to withdraw your consent. If you withdraw your consent, this will not affect the lawfulness of our use of your personal information before your withdrawal.
The Right to Opt Out of Sales or Sharing for Targeted Advertising Purposes: The right to direct us not to sell or share personal information for certain targeted or cross-context behavioral advertising purposes.
Depending on your state of residency, you may also have the right to not receive retaliatory or discriminatory treatment in connection with a request to exercise the above rights. However, the exercise of the rights described above may result in a different price, rate or quality level of product or service where that difference is reasonably related to the impact the right has on our relationship or is otherwise permitted by law.
How to Exercise Your Privacy Rights
To submit a request to exercise one of the privacy rights identified above, please submit a request by:
Emailing [email protected] with the subject line “Data Subject Rights Request”;
We may need to verify your identity before processing your request, which may require us to request additional personal information from you or require you to log into your account, if you have one. We will only use personal information provided in connection with a consumer rights request to review and comply with the request.
In certain circumstances, we may decline a request to exercise the rights described above, particularly where we are unable to verify your identity or locate your information in our systems. If we are unable to comply with all or a portion of your request, we will explain the reasons for declining to comply with the request.
Authorized Agents
In certain circumstances, you are permitted to use an authorized agent to submit requests on your behalf through the designated methods set forth in these U.S. Disclosures where we can verify the authorized agent’s authority to act on your behalf.
To verify the authorized agent’s authority, we generally require evidence of either (i) a valid power of attorney or (ii) a signed letter containing your name and contact information, the name and contact information of the authorized agent, and a statement of authorization for the request. Depending on the evidence provided and your state of residency, we may still need to separately reach out to you to confirm the authorized agent has permission to act on your behalf and to verify your identity in connection with the request.
To Exercise Your Opt-Out Rights
Unless you have exercised your Right to Opt Out, and as described in the “Sales and Sharing for Targeted Advertising” section of these U.S. Disclosures, we may “sell” your personal information to third parties in relation to online tracking technologies, or “share” your personal information to third parties for cross-context behavioral advertising purposes (targeted advertising) for the purposes of analyzing and optimising our services, delivering ads for VERO and measuring the success of ad campaigns. The third parties to whom we “sell” or “share” personal information may use such information for their own purposes in accordance with their own privacy policies, which may include reselling or sharing this information to additional third parties.
To facilitate these targeted advertising purposes, we and our third-party providers use cookies and related technologies to collect personal information about users of our Site. To manage your right to opt-out as it relates to the use of cookies and related technologies that involve the “sale” of personal information or the use of personal information for targeted advertising purposes on our Site, please click here.
Please note these cookie options may be unchecked or opted out by default. In addition, this opt-out tool is device and browser specific, so you will need to change your preferences on each device and browser you use to interact with the VERO Website.
You can also opt out of cookie-based sales by businesses that participate in the DAA’s CCPA Opt-Out Tool by visiting https://www.privacyrights.info/. In addition, you may exercise your non-cookie-related rights by following the instructions provided at the beginning of this “How to Exercise Your Privacy Rights” section.
Appealing Privacy Rights Decisions
Depending on your state of residency, you may be able to appeal a decision we have made in connection with your privacy rights request. All appeal requests should be submitted by emailing [email protected].
Colorado Residents: If your appeal is denied, you may contact the Colorado Attorney General to address your concerns here.
Connecticut Residents: If your appeal is denied, you may contact the Connecticut Attorney General to submit a complaint here.
Virginia Residents: If your appeal is denied, you may contact the Virginia Attorney General to submit a complaint here.
CALIFORNIA-SPECIFIC DISCLOSURES
The following disclosures only apply to residents of the State of California.
Personal Information Collection. In the last 12 months, we may have collected the following categories of personal information:
Identifiers, such as name, phone number, email address, shipping and billing address, IP address, account password or other similar identifiers.
California Customer Records (Cal. Civ. Code § 1798.80(e)), such as your name; our third party payment processor may also collect credit card number or other payment account number (including the three (3) or four (4) digit validation code for your credit card), if you choose to provide it.
Protected Classification Characteristics, such as your age and gender if you choose to share it.
Commercial Information, such as your shopping history and purchasing and ordering behavior on VERO (should you choose to purchase products via VERO’s Buy Now functionality).
Internet/Network Information, such as log and analytics data and information regarding your interaction with the websites.
Geolocation Data, such as your general location derived from your IP address.
Sensory Information, such as photos and videos that you choose to post to the app.
Other Personal Information, such as information you post on our platform including pictures or videos of you, or other information you submit to us to publish to/share with your followers.
For more information about our collection of personal information, the sources of personal information, and how we use this information, please see the “Information We Collect” section of our Privacy Policy.
Disclosure of Personal Information. In the last 12 months, we may have disclosed all of the categories of information we collect for a business purpose to service providers or other third parties at the consumer’s direction, as outlined in the “When We Share Information with Third Parties” section of the Privacy Policy.
Sale or Sharing of Personal Information. In the last 12 months, we have “sold” or “shared” the following categories of personal information: Identifiers and Internet/Network Information. The categories of third parties to whom we “sell” or “share” your personal information may include: online advertising networks and analytics providers, and social networks.
In addition, please see the “Third-Party Data Collection and Online Advertising” section of the Privacy Policy to learn more about the specific circumstances in which third-party advertising networks, social media companies and other third party businesses collect and disclose your personal information directly from your browser or device through cookies or tracking technologies when you visit or interact with certain portions of our websites.
Minors.
We do not sell the personal information and do not have actual knowledge that we sell the personal information of minors under 16 years of age unless we have obtained any applicable consents.
If you are under the age of 18 and you want to remove your name or comments from our website or publicly displayed content, please contact us directly at [email protected]. We may not be able to modify or delete your information in all circumstances.
If you wish to submit a privacy request on behalf of your minor child in accordance with applicable jurisdictional laws, you must provide sufficient information to allow us to reasonably verify the minor is the person about whom we collected personal information and you are authorized to submit the request on the minor’s behalf (i.e., you are the minor’s parent, legal guardian, or authorized representative).
“Shine the Light”. The California “Shine the Light” law gives residents of California the right under certain circumstances to request information from us regarding the manner in which we share certain categories of personal information (as defined in the Shine the Light law) with third parties for their direct marketing purposes. We do not share personal information with third parties for the third parties’ direct marketing purposes (Civ. Code §1798.83).
ADDITIONAL EU, UK AND SWITZERLAND PRIVACY DISCLOSURES
OUR APPROACH TO PRIVACY
1.1 VERO Labs, Inc (“VERO”, “we”, “our”, or “us”) is committed to protecting and respecting your privacy. These Additional EU, UK, and Switzerland Privacy Disclosures (“European Privacy Disclosures”) supplement the information contained in our Privacy Policy and set out additional information about how we collect, store, process, transfer, share and use data that identifies or is associated with you ("personal data") when you access and browse our website ("Website") and our mobile application (“Application”) from the EU, UK or Switzerland as well as additional information regarding our use of cookies and similar technologies. Please ensure that you have read and understood these European Privacy Disclosures alongside our Privacy Policy before you use the VERO Website and Application.
1.2 If you have any questions about these European Privacy Disclosures or how we use your personal data, please contact us using the details at the end of these Disclosures.
2. WHO IS RESPONSIBLE FOR YOUR PERSONAL DATA?
VERO Labs, Inc., a company duly incorporated and organised under the laws of the United States of America, having its registered address at 228 Park Avenue S, Suite 131065, New York, NY 10003-1502, USA is the data controller of the personal data we hold about you. This means that we determine and are responsible for how your personal data is used.
3. PERSONAL DATA WE COLLECT ABOUT YOU AND HOW WE USE IT
3.1 We collect the categories of personal data set forth in the “Information We Collect” section of our Privacy Policy directly when you use the VERO Website and Application. The table in this section 3 sets out in further detail the categories of personal data we collect about you and how we use that information when you use the VERO Website and/or Application, as well as the legal basis which we rely on to process the personal data and recipients of that personal data.
3.2 We will indicate to you, at the point that we collect personal information from you, if the provision of certain personal data is mandatory or optional. Some information, such as your name, billing address and payment transaction information, and information on your requested services, may be necessary for your use of certain features and functionalities of the services. If you choose not to provide any personal data marked as mandatory, we may not be able to respond to your queries or provide other services to you or respond to your other requests.
CATEGORY OF PERSONAL DATA:
-
How we may use it:
1) We use this information to set up your account on the VERO Website and Application to enable you to share content with users on the VERO Website and Application.2) We use this information to permit others to find you through the VERO Website and Application.
Legal basis for the processing: The processing is necessary for the performance of a contract with you.
Recipients of personal data:
Other users of the VERO Website and Application. When you add content to VERO, we make that content available to people to view - based on the privacy controls you have set for that content.
Amazon Web Services (“AWS”) who host our servers.
3) We use this information to provide the service to you, deliver information and product updates and marketing communications (when you sign up to receive or request such updates).
Legal basis for the processing: We will only process your personal data in this way to the extent that you have given us your consent to do so.
Recipients of personal data:
Mailgun, who provides our third-party email delivery service.
Twilio, who provides our third-party SMS delivery service.
AWS, who host our servers.
4) Where relevant and where permitted under applicable law, we use this information to identify potential risk or unlawful behaviour including fraud detection, theft prevention, emergency response purposes and legal compliance.
Legal basis for the processing: The processing is necessary for our legitimate interests, namely identifying and mitigating the risk of unlawful behaviour to protect the VERO Website and Application, VERO and users.Recipients of personal data:
Where relevant and were permitted under applicable law, law enforcement and regulatory bodies.
AWS, who host our servers.
-
How we may use it:
1) We use this information to handle your customer services requests, including:
directing your questions to the appropriate team members; and
investigating and addressing any concerns.
Legal basis for the processing: The processing is necessary for our legitimate interests, namely to respond to and appropriately investigate your request.
Recipients of personal data:
Zendesk, who provide our third-party customer support and communications.
AWS, who host our servers.
2) We use this information to improve and monitor the VERO Website and Application as well as our customer support responses.
Legal basis for the processing: The processing is necessary for our legitimate interests, namely maintaining our IT systems and their security and maintaining and improving of the VERO Website and Application.
-
How we may use it:
We use this information to facilitate transactions if you buy a product through the “Buy Now” feature or make a donation to a charity via the “Donate Now” feature on the VERO Website or Application.
Legal basis for the processing: The processing is necessary for the performance of a contract with you.
Recipients of personal data:
Stripe, who provide our payment processing facilities and will receive your payment details if you choose to purchase an item or make a donation through the “Buy Now” or “Donate Now” feature on the VERO Application.
The applicable merchant (if buying goods from a third-party) will receive your shipping address.
AWS, who host our servers.
-
How we may use it:
We use this information to facilitate the service offered and enable you to share content on the VERO Website and Application.
Legal basis for the processing: The processing is necessary for the performance of a contract with you.
Recipients of personal data:
Other users of the VERO Website and VERO Application. When you add content to VERO, we make that content available to people to view (based on the privacy controls you have set for that content).
AWS, who host our servers.
-
How we may use it:
We use this information to verify your identity when you submit a request for your account to be verified on the VERO Website and Application.
Legal basis for the processing: We will only process your personal data in this way to the extent that you have given us your consent to do so.
Recipients of personal data:
If you choose to verify your account, your identification information is supplied directly by you to our third-party identity verification provider, Yoti.
AWS, who host our servers.
-
How we may use it:
1) We use this information to ensure that we only send marketing communications to you in accordance with your preferences.
Legal basis for the processing: The processing is necessary to comply with a legal obligation that we are subject to (ePrivacy Directive 2002/58/EC (as amended) in the EU and the Privacy and Electronic Communications (EC Directive) Regulations 2003 in the UK).
Recipients of personal data:
AWS, who host our servers.
Cloudflare, who provides content delivery and protects our back-end services in case of malicious activities.
2) We use this information to enable you to control how your profile information and content are shared on the VERO Website and Application. In addition, we use this information to ensure you are contacted by other users in accordance with your preferences.
Legal basis for the processing: The processing is necessary for the performance of a contract with you.
Recipients of personal data:
AWS, who host our servers.
Cloudflare, who provides content delivery and protects our back-end services in case of malicious activities.
-
How we may use it:
We use this information to enable you to make voice or video calls, if you choose to do so, with other users.
Legal basis for the processing: The processing is necessary for the performance of a contract with you.
Recipients of personal data:
Agora, who provide our third-party voice and video software development kit services.
AWS, who host our servers.
4. PERSONAL DATA WE COLLECT ABOUT YOU AUTOMATICALLY
4.1 We also automatically collect personal data indirectly about how you access and use the VERO Website and/or Application, information about the device you use to access the VERO Website and/or Application and usage information about the length of time you are using the VERO Website and/or Application. We use this information for our own analytical purposes to improve the VERO Website and/or Application and our other services. We typically collect this information through a variety of tracking technologies, including cookies and similar tracking technologies.
4.2 We collect the categories of personal data set forth in the “Information We Collect” section of our Privacy Policy directly when you use the VERO Website and Application. The table in this section 4 sets out in further detail the categories of personal data we collect about you automatically and how we use that information. The table also lists the legal basis which we rely on to process the personal data and recipients of that personal data. For more information on cookies and other tracking technologies we use, please see Section 8 below.
4.3 We may anonymise and aggregate any of the personal data we collect (so that it does not directly identify you). We may use anonymised information for purposes that include testing our IT systems, research, data analysis, improving the VERO Website and/or Application and our services or developing new services and features. We may also share such anonymised and aggregated information with others.
CATEGORY OF PERSONAL DATA:
-
How we may use it:
1) Where relevant and where permitted under applicable law, we use this information to identify potential risk or unlawful behaviour including fraud detection, theft prevention, emergency response purposes and legal compliance.
Legal basis for the processing: Legitimate interests, namely identifying and mitigating the risk of unlawful behaviour to protect the VERO Website and Application, VERO and users.
Recipients of personal data:
Cloudflare who provide security services to protect our back-end services in case of malicious activities.
Guardsquare, who provide security services to identify and protect against tampering with the Application.
Amplitude, who provide security services to detect if the Website and/or Application are being attacked.
Google (Firebase), who provide cloud computing services, to facilitate crash reporting e.g., if the Application crashes we can find out why and we can fix it.
2) We use this information to present you with certain features of the Service.
Legal basis for the processing: We will only process your personal data in this way to the extent that you have given us your consent to do so.
Recipients of personal data:
Foursquare, who provide personalised recommendations of places to go near your current location. If you search for a location in Foursquare’s database your personal data will be shared.
Bing, who provide personalised recommendations of places to go near your current location. If you search for a location in Bing’s database your personal data will be shared.
Apple, who provides us with an Apple integration enabling you to search for or interact with Songs or Books to make a VERO post. If you choose to interact with Apple Songs or Books, this information is shared.
-
How we may use it:
Where relevant and where permitted under applicable law, we use this information to identify potential risk or unlawful behaviour including fraud detection, theft prevention, emergency response purposes and legal compliance.
Legal basis for the processing: Legitimate interests, namely identifying and mitigating the risk of unlawful behaviour to protect the VERO Website and Application, VERO and users.
Recipients of personal data:
Amplitude, who provide security services to detect if the Website and/or Application are being attacked.
2) We use this informaton to improve and monitor the VERO Website.
Legal basis for the processing: We will only process your personal data in this way to the extent that you have given us your consent to do so.
Recipients of personal data:
Amplitude, who provide security services to detect if the Website and/or Application are being attacked.
3) We use this information to analyze preference, trends and statistics to better improve the VERO Website and Application.
Legal basis for the processing: We will only process your personal data in this way to the extent that you have given us your consent to do so.
Recipients of personal data: Amplitude, who provide security services to detect if the Website and/or Application are being attacked.
4) We use this information to help us analyze and improve the user experience, fix bugs and errors, develop new features, analyze and monitor trends and keep the VERO Website and VERO Application secure.
Legal basis for the processing: We will only process your personal data in this way to the extent that you have given us your consent to do so.
Recipients of personal data:
Amplitude, for security purposes and detecting if the Website and/or Application are being attacked.
Google (Firebase), for crash reporting e.g., if the Application crashes we can find out why and we can fix it.
Guardsquare, to identify and protect against tampering with the Application.
-
How we may use it:
1) Where relevant and where permitted under applicable law, we use this information to identify potential risk or unlawful behaviour including fraud detection, theft prevention, emergency response purposes and legal compliance.
Legal basis for the proceeding: Legitimate interests, namely identifying and mitigating the risk of unlawful behaviour to protect the VERO Website and Application, VERO and users.
Recipients of personal data:
Guardsquare, to identify and protect against tampering with the Application.
Amplitude, for security purposes and detecting if the Website and/or Application are being attacked.
Google (Firebase), for crash reporting e.g., if the Application crashes we can find out why and we can fix it.
2) We use this information to improve and monitor the VERO website.
Legal basis for the processing: We will only process your personal data in this way to the extent that you have given us your consent to do so.
Recipients of personal data:
Amplitude, for security purposes and detecting if the Website and/or Application are being attacked.
3) We use this information to analyse preferences, trends and statistics to better improve the VERO Website and Application.
Legal basis for the processing: We will only process your personal data in this way to the extent that you have given us your consent to do so.
Recipients of personal data:
Amplitude, for analytics support.
5. HOW LONG WE KEEP YOUR PERSONAL DATA
5.1 The criteria used to determine the period for which personal information about you will be retained varies depending on the legal basis under which we process the personal information:
(a) Contract. Where we are processing personal information based on a contract, we generally will retain your personal information for the duration of the contract plus some additional limited period of time that is necessary to comply with law or that represents the statute of limitations for legal claims that could arise from our contractual relationship.
(b) Legitimate Interests. Where we are processing personal information based on our legitimate interests, we generally will retain such information for a reasonable period of time in order to fulfil the legitimate interests, taking into account your fundamental interests and your rights and freedoms.
(c) Consent. Where we are processing personal information based on your consent, we generally will retain your personal information until you withdraw your consent, or otherwise for the period of time necessary to fulfil the underlying agreement with you or provide you with the applicable service for which we process that personal information. With regards to any erasure requests, your account will be removed from the Application and it may take up to one week for your data to be deleted.
(d) Legal Obligation. Where we are processing personal information based on a legal obligation, we generally will retain your personal information for the period of time necessary to fulfil the legal obligation.
(e) Legal Claim. We may need to apply a “legal hold” that retains information beyond our typical retention period where we face threat of legal claim or intent to establish a claim. In that case, we will retain the information until the hold is removed, which typically means the claim or threat of claim has been resolved.
6. RECIPIENTS
We may share your personal data with the categories of third parties described in the “When We Share Information with Third Parties" section of the main Privacy Policy above as well as at paragraphs 3 and 4 of this addendum (as required in accordance with the uses set out in Annex 1 and Annex 2).
7. MARKETING
7.1 From time to time we may contact you with information about our products and services, including sending you marketing messages and asking for your feedback on our products and services. Our marketing messages will be sent by email.
7.2 We will only send you marketing messages if you have given us your consent to do so. You can withdraw your consent at a later date by clicking on the unsubscribe link at the bottom of our marketing emails, adjusting your preferences in-app or by contacting us on the contact details provided at the end of this Privacy Policy. We make every effort to promptly process all unsubscribe requests. You may not opt out of service-related communications (e.g., account verification, transactional communications, changes/updates to features of the Service, technical and security notices).
8. TRACKING TECHNOLOGIES USED IN OUR EMAILS
Our emails may contain tracking pixels that identify email performance information, including delivery status, if and when you have opened an email that we have sent to you, how many times you have read it, and whether you have clicked on any links in that email. We use this information on an aggregate basis to help us measure the effectiveness of our marketing email campaigns, and to understand if you have opened and read any important administrative emails we might send you.
9. STORING AND TRANSFERRING YOUR PERSONAL DATA
9.1 Security. We implement appropriate technical and organisational measures to protect your personal data against accidental or unlawful destruction, loss, change or damage. All personal data we collect will be stored on our secure servers. We will never send you unsolicited emails or contact you by phone requesting your account ID, password, credit or debit card information or national identification numbers.
9.2 International Transfers of your personal data. The personal data we collect may be transferred to and stored in countries outside of the jurisdiction you are in where we and our third party service providers have operations. If you are located in the UK, Switzerland or the European Economic Area ("EEA"), your personal data may be processed outside of the UK, Switzerland or the EEA. These international transfers of your personal data will be made pursuant to appropriate safeguards, including:
(a) ensuring that the personal data is transferred to countries recognised as offering an equivalent level of protection by the European Commission or under the Swiss Ordinance to the Revised Federal Data Protection Act or the UK Data Protection Act 2018 (as applicable); or
(b) implementing appropriate safeguards in respect of the processing in question, such as agreements with third party recipients that incorporate standard contractual clauses for transfers of personal data approved by the European Commission or under the Swiss Ordinance to the Revised Federal Data Protection Act or the UK Data Protection Act 2018 (as applicable).
9.3 We may transfer your personal data to, or store your personal data in, the following countries:
COUNTRY & APPROPRIATE SAFEGUARDS
USA: For Swiss and EU users: either:
the Standard Contractual Clauses annexed to Commission Implementing Decision (EU) 2021/914; or
the recipient is certified to the EU-U.S Data Privacy Framework (“DPF”)set forth by the U.S. Department of Commerce and approved by the European Commission.
USA: For UK users: agreements that incorporate terms approved under s119A of the Data Protection Act 2018 for transfers of personal data to recipients in third countries.
(For EU users) UK: Adequacy Decision as adopted by the European Commission on the basis of Article 45 of Regulation (EU) 2016/679 (the GDPR).
(For UK users) EU: Adequacy decision as set out in Schedule 21 the Data Protection Act 2018.
9.4 We will take appropriate steps to ensure that your personal data is treated securely and in accordance with applicable law and these Privacy Disclosures regardless of where it is processed.
9.5 If you wish to enquire further about the safeguards we use, please contact us using the details set out at the end of these Privacy Disclosures.
10. YOUR RIGHTS IN RESPECT OF YOUR PERSONAL DATA
10.1 In accordance with applicable privacy laws, you have the following rights in respect of your personal data that we hold:
(a) Right of access. You have the right to obtain:
(i) confirmation of whether, and where, we are processing your personal data;
(ii) information about the categories of personal data we are processing, the purposes for which we process your personal data and information as to how we determine applicable retention periods;
(iii) information about the categories of recipients with whom we may share your personal data; and
(iv) a copy of the personal data we hold about you.
(b) Right of portability. You have the right, in certain circumstances, to receive a copy of the personal data you have provided to us in a structured, commonly used, machine-readable format that supports re-use, or to request the transfer of your personal data to another person.
(c) Right to rectification. You have the right to obtain rectification of any inaccurate or incomplete personal data we hold about you without undue delay.
(d) Right to erasure. You have the right, in some circumstances, to require us to erase your personal data without undue delay if the continued processing of that personal data is not justified.
(e) Right to restriction. You have the right, in some circumstances, to require us to limit the purposes for which we process your personal data if the continued processing of the personal data in this way is not justified, such as where the accuracy of the personal data is contested by you.
(f) Right to withdraw consent. There are certain circumstances where we require your consent to process your personal data. In these instances, and if you have provided consent, you have the right to withdraw your consent. If you withdraw your consent, this will not affect the lawfulness of our use of your personal data before your withdrawal.
10.2 You have a right to object to any processing based on our legitimate interests. There may, depending on the particular circumstances, be compelling reasons for continuing to process your personal data despite your objection, and we will assess and inform you if that is the case. You can object to marketing activities for any reason.
10.3 If you wish to exercise one of these rights, please contact us using the contact details at the end of these Privacy Disclosures.
10.4 We will not charge you a fee for complying with your request to exercise one of these rights, other than where the request is manifestly unfounded or excessive (such as if you submit a number of repeated requests), in which case we may charge you a reasonable fee to cover our administrative costs.
10.5 Due to the confidential nature of data processing we may ask you to confirm your identity when exercising the above rights.
10.6 You also have the right to lodge a complaint to your local data protection authority. If you are based in the European Union, information about how to contact your local data protection authority is available here. If you are based in the UK, information about how to contact your local data protection authority is available here.
11. NOTICE TO YOU
If we need to provide you with information about something, whether for legal, marketing or other business-related purposes, we will select what we believe is the best way to get in contact with you. We will usually do this through email or by placing a notice on the VERO Website and Application.
12. COOKIES AND SIMILAR TECHNOLOGIES
12.1 The VERO Website and Application uses cookies and similar tracking technologies to distinguish you from other users of the VERO Website and Application. Cookies are pieces of code that we transfer to your device for record-keeping purposes. This helps us to provide certain functionalities of the VERO Website and Application, to monitor and improve the VERO Website and Application. We also use cookies and similar tracking technologies on certain portions of the VERO Website to measure and improve the effectiveness of our advertising and to allow our partners to display relevant advertising to you about our Services as you browse the Internet.
12.2 We use the following types of cookies:
(a) Strictly necessary cookies. These are cookies that are required for the operation of our Website and Application. They include, for example, cookies that enable you to log into secure areas of our Website and Application, use a shopping cart or make use of e-billing services.
(b) Analytical/performance cookies. They allow us to recognise and count the number of visitors, to see how visitors move around the VERO Website and Application when they are using it and to monitor the performance of certain features on the VERO Website and Application. This helps us to improve the way the VERO Website and Application works, for example, by ensuring that users are finding what they are looking for easily and to test the rollout of new features.
(c) Functionality cookies. These are used to recognise you as you move around the VERO Website and Application and to remember information that you enter when you use the VERO Website and Application, such as when you fill in a form.
(d) Advertising / Performance Cookies. These cookies are used to make advertising messages about VERO that are displayed on third party websites more relevant to you and your interests. They also perform functions like preventing the same ad from continuously reappearing, ensuring that ads are properly displayed, and choosing which ads to display to you based on your interests.
(e) Third party cookies. These cookies are used by third parties on certain portions of our Website for the purposes of serving relevant advertisements for VERO to you based on your interests on our Services.
12.3 The table at this paragraph 8 sets out more information about the cookies we use and how long they remain on your device.
12.4 Other than cookies that are required to operate the Website, we will only place cookies on your device with your consent. You can manage your cookie preferences by clicking the “Manage Cookies” link in the footer of our Website at any time. You can also change your preferences in relation to the cookies you consent to receive through your browser or mobile at any time. These settings will typically be found in the "options" or "preferences" menu of your browser. In order to understand these settings, the following links may be helpful, otherwise you should use the "Help" option in your browser for more details.
(a) Cookie settings in Internet Explorer
(b) Cookie settings in Firefox
(d) Cookie settings in Safari web and iOS.
WEBSITE COOKIES AND TRACKING TECHNOLOGIES
-
Type of cookie:
Essential
When is the cookie set?
Not applicable - no cookie set.
How long does the cookie stay on my device?
Not applicable - no cookie set.
Purposes / Additional Information
Information about the fonts that are used on the VERO Website is collected. No information is collected about users visiting the VERO website.
-
Type of cookie
Analytics, Ad targeting
When is the cookie set?
When the user first visits the app download page(s) on the VERO Website [and accepts the cookie popup].
How long does the cookie stay on my device?
90days.
Purposes / Additional information
Google Pixel configuration flags are set to restricted data use or limited data use where possible.
-
Type of cookie
Analytics, Ad targeting
When is the cookie set?
When the user first visits the app download page(s) on the VERO Website [and accepts the cookie popup].
How long does the cookie stay on my device?
90 days.
Purposes / Additional information
This is a tracking pixel used to measure the effectiveness of our advertising on other platforms. The pixel is fired when you opt In to cookies and a cookie is set.
-
Type of cookie
Analytics, Ad targeting
When is the cookie set?
When the user first visits the app download page(s) on the VERO Website [and accepts the cookie popup].
How long does the cookie stay on my device?
90 days.
Purposes / Additional information
This is a tracking pixel used to measure the effectiveness of our advertising on other platforms. The pixel is fired when you opt In to cookies and a cookie is set.
-
Type of cookie
Analytics, Ad targeting
When is the cookie set?
When the user first visits the app download page(s) on the VERO Website [and accepts the cookie popup].
How long does the cookie stay on my device?
90 days.
Purposes / Additional information
This is a tracking pixel used to measure the effectiveness of our advertising on other platforms. The pixel is fired when you opt In to cookies and a cookie is set.
-
Type of cookie
Analytics, Ad targeting
When is the cookie set?
When the user first visits the app download page(s) on the VERO Website [and accepts the cookie popup].
How long does the cookie stay on my device?
1 year.
Purposes / Additional information
This is a tracking pixel used to measure the effectiveness of our advertising on other platforms. The pixel is fired when you opt In to cookies and a cookie is set.
APPLICATION TRACKING TECHNOLOGIES
-
Type of tracking technology
Analytics
Purposes / Additional Information
Used to track user interactions with the application, anonymized.
-
Type of tracking technology
Essential
Purposes / Additional Information
Used to provide location search and information and images about places for place posts
-
Type of tracking technology
Essential
Purposes / Additional Information
Used to provide images for place posts
-
Type of tracking technology
Essential
Purposes / Additional Information
Used to provide music and book search and information and images for music and book posts
-
Type of tracking technology
Essential
Purposes / Additional Information
Used to provide movie search and information and images for movie/TV posts
-
Type of tracking technology
Essential
Purposes / Additional Information
Used to identify crashes, provide global configuration data
-
Type of tracking technology
Essential
Purposes / Additional information
To detect bad actors