Applay Tech SAS and its subsidiaries (collectively, “Koomby,” “we,” “us,” “our”) respect your privacy and are committed to protecting the personal data we hold about you. If you have questions, comments, or concerns about this Privacy Notice or our processing of personal data, please see the bottom of this Privacy Notice for information about how to contact us. Koomby is the data controller of the personal data collected, and is responsible for the processing of your personal data.
Koomby is a social network that enables some users to share their content, other users to enjoy content, and some to do both. We refer to those users who share content as “Creators” and those users who pay to view Creators’ content as “Fans”. This Privacy Notice explains our practices with respect to personal data we collect and process about you.
This includes information we collect through, or in association with, our website located at www.koomby.com, our services that we may offer from time to time via our website, our related social media sites (Twitter and Instagram), or otherwise through your interactions with us (the website, our social media pages, and services, collectively, the “Services”).
Please review the following to understand how we process and safeguard personal data about you.
By using any of our Services, whether by visiting our website or otherwise, and/or by voluntarily providing personal data to us, you acknowledge that you have read and understand the practices contained in this Privacy Notice.
This Privacy Notice may be revised from time to time, so please ensure that you check this Privacy Notice periodically to remain fully informed.
PERSONAL DATA WE COLLECT
Categories of Personal Data We Collect
How We Use Your Personal Data
How We Obtain Your Personal Data
Legal Bases for Processing
Who We Share Your Personal Data With
Personal Data We Share
YOUR RIGHTS REGARDING PERSONAL DATA
Accessing, Modifying, Rectifying, and Correcting Collected Personal Data
Your California Privacy Rights
Your Nevada Rights
Your European Union and UK Privacy Rights
Cookies and Web Tracking
PROTECTING PERSONAL DATA
RETENTION OF PERSONAL DATA
OTHER IMPORTANT INFORMATION ABOUT PERSONAL DATA AND THE SERVICES
Collection of Personal Data from Children
Third-Party Websites and Services
Do Not Track
MODIFICATIONS AND UPDATES TO THIS PRIVACY NOTICE
APPLICABILITY OF THIS PRIVACY NOTICE
ADDITIONAL INFORMATION AND ASSISTANCE
PERSONAL DATA WE COLLECT
We collect information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household (“personal data”). In addition, we may collect data that is not identifiable to you or otherwise associated with you, such as aggregated data, and is not personal data.
To the extent this data is stored or associated with personal data, it will be treated as personal data; otherwise, the data is not subject to this Privacy Notice.
a. Categories of Personal Data We Collect
The types of personal data we collect about you depend on your interactions with us and your use of the Services. In the past twelve (12) months, we collected the below categories of personal data from our users:
Identifiers such as a real name, alias, postal address, internet protocol address, email address, account name, social security number, driver’s license number, passport number, or other similar identifiers.
Personal information categories listed in the California Customer Records statute (Cal. Civ. Code 1798.80(e)).
Characteristics of protected classifications under California or federal law.
Commercial information, including records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
Biometric information. Note: While we do not collect biometric information, if you choose to authenticate yourself through certain service providers we use, they may collect biometric information subject to their privacy policies, but we are never provided with access to that information.
Internet or other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding a consumer’s interaction with an internet website, application, or advertisement.
Audio, electronic, visual, thermal, olfactory, or similar information.
Professional or employment-related information.
We will not collect additional categories of personal data other than those categories listed above. If we intend to collect additional categories of personal data, we will provide you with a new notice at or before the time of collection.
b. How We Use Your Personal Data
We strive to ensure that the content can be enjoyed by everyone, and to keep the content appropriate, tasteful and lawful. To do that, we collect and process your personal data for the following business and commercial purposes:
Developing, improving, operating, providing, predicting, or performing, including maintaining or servicing accounts, enhancing the Services and your experience with them, providing customer service, processing or fulfilling transactions, verifying your identity, and processing payments.
Communicating with you by email and text about the Services, verifying your identity, responding to support inquiries, or sharing information about the Services.
Auditing related to a current interaction with the user and concurrent transactions.
Detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity, and prosecuting those responsible for that activity.
Debugging to identify and repair errors that impair existing intended functionality.
Undertaking internal research for technological development and demonstration.
Undertaking activities to verify or maintain the quality or safety of the Services owned, manufactured, manufactured for, or controlled by us, and to improve, upgrade, or enhance the Services owned, manufactured, manufactured for, or controlled by us.
Complying with applicable laws, regulations, rules and requests of relevant law enforcement and/or other governmental agencies, or for other purposes, as permitted or required by law.
Enforcing our Terms of Service and other usage policies.
As necessary or appropriate to protect the rights, property, and safety of our users, us, and other third parties.
We will not use the personal data we collected for materially different, unrelated, or incompatible purposes without providing you with notice and obtaining your consent.
c. How We Obtain Your Personal Data
We collect your personal data from the following categories of sources:
Directly from you. When you provide it to us directly to open an account and use the Services, or when you update the information in your account (see the “Accessing, Modifying, Rectifying, and Correcting Collected Personal Data” section below for more information).
Automatically or indirectly from you. For example, through and as a result of your use of and access to the Services. We also collect IP addresses and browser types from the devices you use.
From our service providers.
d. Legal Bases for Processing
We process personal data for, or based on, one or more of the following legal bases:
Performance of a Contract. By using the Services, you have contracted with us through the Terms of Service, and we will process certain personal data to perform under that contract.
Legitimate Interests. We may process personal data for our legitimate interests, including complying with any applicable law, rule or regulation, investigation or remedy; enforcing our Terms of Service; protecting our, our users' or others' rights, property and safety; and detecting and resolving any fraud or security concerns.
Compliance with Legal Obligations and Protection of Individuals. We may process personal data to comply with our legal obligations, including as required by valid legal process, governmental request, and to protect those individuals who use our Services and others.
e. Who We Share Your Personal Data With
We share personal data with the following categories of third parties:
Our service providers.
Our affiliated entities.
Government agencies or regulators when permitted or required to do so by law; in response to a request from a law enforcement agency or authority or any regulatory authority; and/or to protect the integrity of the Services or our interests, rights, property, or safety, and/or that of our users and others.
f. Personal Data We Share
In the past twelve (12) months, we shared with the following categories of third parties the following categories of personal data for a business purpose:
Identifiers (e.g. name, address, email address, government ID, IP address): Service providers.
Identifiers (e.g. account name): Other Creators and Fans.
Personal information categories listed in the California Customer Records statute (e.g. government ID, bank account numbers): Service providers.
Audio, electronic, visual, thermal, olfactory, or similar information (e.g. content you create): Service providers.
YOUR RIGHTS REGARDING PERSONAL DATA
You have certain rights regarding the collection and processing of personal data. You may exercise these rights, to the extent they apply to you, by contacting us at the information provided at the end of this Privacy Notice, or by following instructions provided in this Privacy Notice or in communications sent to you.
Your rights vary depending on the laws that apply to you, but may include:
The right to know whether, and for what purposes, we process your personal data;
The right to be informed about the personal data we collect and/or process about you;
The right to learn the source of personal data about you we process;
The right to access, modify, and correct personal data about you (see the “Accessing, Modifying, Rectifying, and Correcting Collected Personal Data” section below for more information);
The right to know with whom we have shared your personal data, for what purposes, and what personal data has been shared (including whether personal data was disclosed to third parties for their own direct marketing purposes);
The right to withdraw your consent, where processing of personal data is based on your consent; and
The right to lodge a complaint with a supervisory authority located in the jurisdiction of your habitual residence, place of work, or where an alleged violation of law occurred.
See “Your California Privacy Rights”, “Your Nevada Privacy Rights”, and “Your European Union and UK Privacy Rights”, for more information about certain legal rights.
a. Accessing, Modifying, Rectifying, and Correcting Collected Personal Data
We strive to maintain the accuracy of any personal data collected from you, and will try to respond promptly to update our records when you tell us the information in our records is not correct. However, we must rely upon you to ensure that the information you provide to us is complete, accurate, and up-to-date, and to inform us of any changes. Please review all of your information carefully before submitting it to us. Any updates or corrections to your information may be made through your account settings.
Depending on the laws that apply to you, you may obtain from us certain personal data in our records. If you wish to access, review, or make any changes to personal data you have provided to us through the Services, please contact us at the information provided at the end of this Privacy Notice. We reserve the right to deny access as permitted or required by applicable law.
b. Your California Privacy Rights
California’s “Shine the Light” law permits our users who are California residents to request and obtain from us a list of what personal data (if any) we disclosed to third parties for their own direct marketing purposes in the previous calendar year and the names and addresses of those third parties. Requests may be made only once per year per person, must be sent to the email address below, and are free of charge. However, we do not disclose personal data protected under the “Shine the Light” law to third parties for their own direct marketing purposes.
The California Consumer Privacy Act (“CCPA”) provides our users who are California residents the following additional rights:
Right to Know: You have the right to request that we disclose certain information to you about the personal data we collected, used, disclosed, and sold about you in the past 12 months. This includes a request to know any or all of the following:
The categories of personal data collected about you;
The categories of sources from which we collected your personal data;
The categories of personal data that we have sold or disclosed about you for a business purpose;
The categories of third parties to whom your personal data was sold or disclosed for a business purpose;
Our business or commercial purpose for collecting or selling your personal data; and
The specific pieces of personal data we have collected about you.
Data Portability: You have the right to request a copy of personal data we have collected and maintained about you in the past 12 months.
Right to Deletion: You have the right to request that we delete the personal data we collected from you and maintained, subject to certain exceptions. Please note that if you request deletion of your personal data, we may deny your request or may retain certain elements of your personal data if it is necessary for us or our service providers to:
Complete the transaction for which the personal data was collected, provide a good or service requested by you, or reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform a contract between our business and you.
Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity; or prosecute those responsible for that activity.
Debug to identify and repair errors that impair existing intended functionality.
Exercise free speech, ensure the right of another consumer to exercise his or her right of free speech, or exercise another right provided for by law.
Comply with the California Electronic Communications Privacy Act pursuant to Chapter 3.6 (commencing with Section 1546) of Title 12 of Part 2 of the Penal Code.
Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the deletion of the information is likely to render impossible or seriously impair the achievement of such research, if you have provided informed consent.
To enable solely internal uses that are reasonably aligned with your expectations based on your relationship with us.
Comply with a legal obligation.
Otherwise use the personal data, internally, in a lawful manner that is compatible with the context in which you provided the information.
Right to Opt-Out/In: You have the right to opt-out of the sale of your personal data. You also have the right to opt-in to the sale of personal data. However, we do not sell your personal data.
Right to Non-Discrimination: You have the right not to receive discriminatory treatment by us for the exercise of your CCPA privacy rights. Unless permitted by the CCPA, we will not:
Deny you goods or services.
Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
Provide you a different level or quality of goods or services.
Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.
If you have an account with us, you can exercise any of the above rights from your profile. If you don’t have a profile or if you are unable to access, control, or delete your information from within your profile, you can contact us through any of the above methods.
Only you, or a person authorized by you to act on your behalf, may make a verifiable consumer request related to your personal data.
You may only make a verifiable consumer request for Right to Know or Data Portability twice within a 12-month period. The verifiable consumer request must:
Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal data or an authorized representative. Depending on the nature of the request, we may need to verify your identity through an additional Ondato verification cycle, which requires a government issued ID and a photo requiring your presence through the a (see Identity Verification section below for more information).
Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
We may deny your request if we are unable to verify your identity or have reason to believe that the request is fraudulent.
Consumer Request by an Authorized Agent
If any authorized agent submits a consumer request on your behalf, in order to confirm that person or entity’s authority to act on your behalf and verify the authorized agent’s identity, we require an email be sent to firstname.lastname@example.org, along with all of the below items:
Proof that you gave the authorized agent signed permission to submit the request.
Sufficient information to verify the authorized agent’s identity, depending on the nature of the request.
To verify your identity, depending on the nature of the request, we may also require a valid Government Issued ID (not expired), email address, and the last 4 digits of the social security number.
We cannot respond to your request or provide you with personal data if we cannot verify your identity or authority to make the request and confirm the personal data relates to you. Making a verifiable consumer request does not require you to create an account with us.
However, if you do have an existing login, we will require you to log in to submit a request. We will only use personal data provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.
We will acknowledge receipt of the request within ten (10) business days of its receipt. We will respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing.
If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response electronically.
Any disclosures we provide will only cover the 12-month period preceding the receipt of the verifiable consumer request. The response we provide will also explain the reasons we cannot comply with a request, if applicable.
For Data Portability requests, we will provide the responsive information in a portable and, to the extent technically feasible, in a readily useable format that allows you to transmit the information to another entity without hindrance.
We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
c. Your Nevada Privacy Rights
Nevada law permits our users who are Nevada consumers to request that their personal data not be sold (as defined under applicable Nevada law), even if their personal data is not currently being sold. Requests may be sent to email@example.com, and are free of charge.
d. Your European Union and UK Privacy Rights
In addition to the above-listed rights, European Union and UK privacy law provides individuals with enhanced rights in respect of their personal data. These rights may include, depending on the circumstances surrounding the processing of personal data:
The right to object to decisions based on profiling or automated decision-making that produce legal or similarly significant effects on you;
The right to request restriction of processing of personal data or object to processing of personal data carried out pursuant to (i) a legitimate interest (including, but not limited to, processing for direct marketing purposes) or (ii) performance of a task in the public interest;
In certain circumstances, the right to data portability, which means that you can request that we provide certain personal data we hold about you in a machine-readable format; and
In certain circumstances, the right to erasure and/or the right to be forgotten, which means that you can request deletion or removal of certain personal data we process about you.
Note that we may need to request additional information from you to validate your request. To exercise any of the rights above, please visit https://www.koomby.com/terms/faqs or email us at firstname.lastname@example.org.
You have choices about certain information we collect about you, how we communicate with you, and how we process certain personal data. When you are asked to provide information, you may decline to do so; but if you choose not to provide information that is necessary to provide some of our Services, you may not be able to use those Services. In addition, it is possible to change your browser settings to block the automatic collection of certain information.
a. Communications Opt-Out. You may opt out of receiving email communications from us at any time by following the opt-out link or other unsubscribe instructions provided in any email message received, by contacting us as provided at the end of this Privacy Notice, or by changing your notification preferences in your account settings. If you wish to opt out by sending us an email to the address provided below, please include “Opt-Out” in the email’s subject line and include your name and the email address you used to sign up for communications in the body of the email. Note that if you do business with us in the future, you may not, subject to applicable law, opt out of certain automated notifications, such as order or subscription confirmations, based on business transactions (e.g., e-commerce).
b. Location Information. If you want to limit or prevent our ability to receive location information from you, you can deny or remove the permission for certain Services to access location information or deactivate location services on your device. Please refer to your device manufacturer or operating system instructions for instructions on how to do this.
c. Cookies and Web Tracking. Consult our Cookie Notice for more information about how to control and/or opt out of certain web tracking technologies.
PROTECTING PERSONAL DATA
We use reasonable and appropriate physical, technical, and organizational safeguards designed to promote the security of our systems and protect the confidentiality, integrity, availability, and resilience of personal data. Those safeguards include: (i) the encryption of personal data where we deem appropriate; (ii) taking steps to ensure personal data is backed up and remains available in the event of a security incident; and (iii) periodic testing, assessment, and evaluation of the effectiveness of our safeguards.
However, no method of safeguarding information is completely secure. While we use measures designed to protect personal data, we cannot guarantee that our safeguards will be effective or sufficient. In addition, you should be aware that Internet data transmission is not always secure, and we cannot warrant that information you transmit utilizing the Services is or will be secure.
RETENTION OF PERSONAL DATA
We retain personal data for a period of six (6) months after a user closes their account, and certain personal data for longer periods to the extent we deem necessary to carry out the processing activities described above, including but not limited to compliance with applicable laws, regulations, rules and requests of relevant law enforcement and/or other governmental agencies, and to the extent we reasonably deem necessary to protect our and our partners’ rights, property, or safety, and the rights, property, and safety of our users and other third parties. Under applicable law, we are required to retain certain financial information for seven (7) years.
OTHER IMPORTANT INFORMATION ABOUT PERSONAL DATA AND THE SERVICES
a. Identity Verification. We require checks for Creators to ensure that we do not knowingly offer our Services to or collect personal data from anyone under 18 or anyone using a false identity, and offer checks as an option for Fans.
These checks involve providing certain information to one or more of our service providers, currently Ondato, Aristotle, and Jumio, which verify your identity.
Ondato, Aristotle, and Jumio all require that you submit your passport or other government identification document, and use facial analysis software to verify your identity. Ondato also requires that you provide a photo of yourself holding your government identification as part of the verification process.
We do not receive your full credit card number, credit card expiration date, or the security code. Instead, the payment provider provides us with a “token” that represents your account, your card’s expiration date, card type and the first two and last four digits of your card number.
If you are required to provide your name and email address to the payment provider, then they also provide us with that information. Payments issued to Creators for their content are made by Koomby using the bank account information that we have collected and stored.
c. Collection of Personal Data from Children. Our Services are not intended for anyone under 18. Anyone under 18 years of age is not permitted to use the Services, and we do not knowingly collect information from children under the age of 18. By using the Services, you represent that you are 18 years of age or older.
d. Third-Party Websites and Services. As a convenience, we may reference or provide links to third-party websites and services, including those of unaffiliated third parties, our affiliates, service providers, and third parties with which we do business (including, but not limited to, our service providers).
When you access these third-party services, you leave our Services, and we are not responsible for, and do not control, the content, security, or privacy practices employed by any third-party websites and services. You access these third-party services at your own risk.
This Privacy Notice does not apply to any third-party services; please refer to the Privacy Notices or policies for such third-party services for information about how they collect, use, and process personal data.
e. Business Transfer. We may, in the future, sell or otherwise transfer some or all of our business, operations or assets to a third party, whether by merger, acquisition or otherwise. Personal data we obtain from or about you via the Services may be disclosed to any potential or actual third-party acquirers and may be among those assets transferred.
f. Do Not Track. We currently do not use any cross-site tracking technologies and do not currently process or comply with any web browser’s “do not track” signal or similar mechanisms. Note, however, that you may find information about how to block or reject certain tracking technologies in our Cookie Notice.
g. International Use. Your personal data will be stored and/or processed in the United States, as well as in the European Union, Canada, Hong Kong, Russia, Singapore, Switzerland, Thailand, Ukraine and the United Kingdom. By your use of the Services, you acknowledge that we will transfer your data to, and store your personal data in, the above countries, which may have different data protection rules than in your country, and personal data may become accessible as permitted by law in the above countries, including to law enforcement and/or national security authorities in those countries. For transfers of data into and out of the European Economic Area, pursuant to Article 46 of the General Data Protection Regulation, we use data transfer agreements subject to EU-approved standard contractual clauses.
MODIFICATIONS AND UPDATES TO THIS PRIVACY NOTICE
This Privacy Notice replaces all previous disclosures we may have provided to you about our information practices with respect to the Services. We reserve the right, at any time, to modify, alter, and/or update this Privacy Notice, and any such modifications, alterations, or updates will be effective upon our posting of the revised Privacy Notice.
We will use reasonable efforts to notify you in the event material changes are made to our processing activities and/or this Privacy Notice, such as by posting a notice on the Services or sending you an email. Your continued use of the Services following our posting of any revised Privacy Notice will constitute your acknowledgement of the amended Privacy Notice.
APPLICABILITY OF THIS PRIVACY NOTICE
This Privacy Notice is subject to the Terms of Service and Acceptable Use Policy that govern your use of the Services. This Privacy Notice applies regardless of the means used to access or provide information through the Services.
This Privacy Notice does not apply to information from or about you collected by any third-party services, applications, or advertisements associated with, or websites linked from, the Services. The collection or receipt of your information by such third parties is subject to their own privacy policies, statements, and practices, and under no circumstances are we responsible or liable for any third party’s compliance therewith.
ADDITIONAL INFORMATION AND ASSISTANCE
If you have any questions or concerns about this Privacy Notice and/or how we process personal data, please contact us at email@example.com.
In addition, we have appointed a data protection officer (“DPO”) who is responsible for, among other things, responding to questions, requests, and concerns in relation to this Privacy Notice and our use of personal data. You may contact the DPO as follows:
Data Protection Officer
We have also appointed an EU Representative who may be reached as follows:
APPLAY TECH SAS
10 rue de Penthièvre
Last update: June 12, 2022