Product Privacy Policy

Last updated: 08.03.2023

This is the privacy policy ("Privacy Policy") for the Flare tracking device and associated application provided by YFLab d.o.o., Celovška cesta 150, 1000 Ljubljana, Slovenia (EU), info@yourflare.io / info@getflare.eu ("YFLAB" or "we"/"us"/"our"). We will only use the personal data gathered over the application as set out in this Privacy Policy.

We process personal data in accordance with the European legislation (Regulation (EU) 2016/697 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (hereinafter: “the General Regulation”)), the current Slovenian legislation in the field of personal data protection and other legislation, which gives us the legal basis for processing of personal data.

Data Protection Officer (DPO) has not been appointed.

Below you will find information on how we use your personal data, for which purposes your personal data is used, with whom it is shared and what control and information rights you may have. By using the application, you specifically consent to the collection, use and disclosure of your information (including personal data) in accordance with this Privacy Policy. We receive and/or you may be asked to provide your information (including personal data) any time you are in contact with us or use the application.

As described in detail below, we share your information (including personal data) together with third-party partners (as defined below) and use it in ways consistent with this Privacy Policy. We may also use your information (including personal data) together with other information to provide and improve products, services and content.

The following summary provides you with a quick overview of the processing activities that are undertaken on our application. You will find more detailed information under the indicated sections below.

When you use the YourFlare application, we process your personal data in order to provide our services and customer support, monitor application usage, detect errors automatically and analyse application usage, improve operational efficiency, track the Flare device and provide login credentials.

Your personal data may be disclosed to third parties that might be located outside your country of residence; potentially, different data protection standards may apply.

We have implemented appropriate safeguards to secure your personal data and retain your personal data for as long as you are a user of our application.

Under the legislation applicable to you, you may be entitled to exercise certain rights with regard to the processing of your personal data.

Personal data: means any information relating to a natural person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, or an online identifier.

Processing: means any operation which is performed on personal data, such as collection, recording, organization, structuring, storage, adaptation or any kind of disclosure or other use.

GDPR: Regulation on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (Data Protection Directive)

GNSS: Global Navigation Satellite System (GNSS) refers to a constellation of satellites providing signals from space that transmit positioning and timing data to GNSS receivers. The receivers then use this data to determine location.

In order to use the YFLAB application, user registration (account creation) is required. Regarding the registration of an account and its subsequent use, we process login credentials (names, email, user name and user’s chosen password).

Whenever you log in to the YFLAB application, login credentials are processed to identify you as a user of the YFLAB app.

We will process the personal data you provide to:
- Identify you at sign-in.
- Provide you with the services and information offered through the application or which you request.
- Administer your account.
- Communicate with you (customer support).

We process this data on the legal basis of Article 6(1)(b) of GDPR.

Your personal data is, in the absence of exceptions within the specific services mentioned below, retained for as long as your user account exists. After the deletion of your account, your personal data will be blocked and erased with the next database clean-up. Statutory storage obligations or the need for legal actions that may arise from misconduct within the services or payment problems can lead to a longer retention of your personal data. In this case, we will inform you accordingly.

Our application and the Flare device enable tracking of the geolocation of the Flare device and its usage (including battery status, firmware version, button presses on the device, sensors data, SSID).

Based on your use of the application and the Flare device, your location information is processed for the purpose of service provision.

We also process the following information once the Flare device is in use: SSID, BSSID, channel, type of protection and signal strength of WiFi access points in the vicinity. If there are too few WiFi access points, the device tries to get the GNSS location. If no data on access points and/or GNSS data is obtained, we also try to obtain information about the local mobile networks in the vicinity; if such information cannot be obtained, no data is processed.

We process this data on the legal basis of Article 6(1)(b) and Article 6(1)(a) of GDPR.

Your personal data is, in the absence of exceptions within the specific services mentioned below, retained for as long as your user account exists. After the deletion of your account, your personal data will be blocked and erased with the next database clean-up. Statutory storage obligations or the need for legal actions that may arise from misconduct within the services or payment problems can lead to a longer retention of your personal data. In this case, we will inform you accordingly.

We apply the following as YFLab processors of your personal data in order to provide you with services through the YFLAB application:

- Google LLC, 1600 Amphitheatre Parkway, Mountain View, California 94043 USA as a provider and operator of Firebase (used for messaging) and Google Cloud (used as a server). Google has incorporated Model Contract Clauses in its Terms of Service.

- Google Ireland Limited, Gordon House Barrow Street Dublin 4, D04E5W5 Ireland, provider and operator of Google Maps, Google Places, Google Geolocation, Google Sign In and Google Pay. Google Privacy Policy

- Stripe, Inc. 510 Townsend Street, California (USA) as a payment service provider. Stripe's Privacy Policy governs Stripe processing.

- Amazon Web Services EMEA SARL, 38 Avenue John F. Kennedy, L-1855, Luxembourg as a server provider. AWS Privacy Policy governs Amazon's processing.

We may disclose anonymous aggregate statistics about users of the application in order to describe our services to prospective partners, advertisers and other reputable third parties and for other lawful purposes, but these statistics will include no personal data.

We may disclose your personal data to our contractors who assist us in providing the services we offer through the application. Such a transfer is based on data processing agreements. Therefore, our contractors will only use your personal data to the extent necessary to perform their functions and will be contractually bound to process your personal data only on our behalf and in compliance with our requests.

In the event that we undergo re-organization or are sold to a third party, any personal data we hold about you may be transferred to that re-organized entity or third party in compliance with applicable law.

We may disclose your personal data if legally entitled or required to do so (for example if required by law or by court order).

Within the scope of our information sharing activities set out above, your personal data is not transferred to third countries (including countries outside the EEA).

We have reasonable state-of-the-art security measures in place to protect against the loss, misuse and alteration of personal data under our control. For example, our security and privacy policies are periodically reviewed and enhanced as necessary and only authorised personnel have access to personal data. Whilst we cannot ensure or guarantee that loss, misuse or alteration of information will never occur, we use all reasonable efforts to prevent it. You should bear in mind that the submission of information over the internet is never entirely secure. We cannot guarantee the security of information you submit via our application whilst it is in transit over the internet and any such submission is at your own risk.

We strive to keep our processing activities with respect to your personal data as limited as possible. In the absence of specific retention periods set out in this policy, your personal data will be retained only for as long as you are a user of the YFLAB application.

If a user account is not activated (confirmed via the email link) within 24 hours after receipt, all data is deleted.

If a user disconnects the Flare device from the application, the associated information is retained for a period of 5 years for the purpose of support and application administration, unless the user account is deleted. In such a case, the data is deleted from the account.

Device status history is retained for a period of 1 year or until the deletion of the user account.

In the case of exercising the rights of an individual, the company stores the personal data of this individual until a final decision has been made on the matter, and after the final decision in accordance with the final decision in the case.

Under the legislation applicable to you, you may be entitled to exercise some or all of the following rights:
1. require (i) information as to whether your personal data is retained and (ii) access to and/or duplicates of your personal data retained, including the purposes of the processing, the categories of personal data concerned, and the data recipients as well as potential retention periods;
2. request rectification, removal or restriction of your personal data, e.g. because (i) it is incomplete or inaccurate, (ii) it is no longer needed for the purposes for which it was collected, or (iii) the consent on which the processing was based has been withdrawn;
3. refuse to provide and – without impact to data processing activities that have taken place before such withdrawal – withdraw your consent to the processing of your personal data at any time;
4. object, on grounds relating to your particular situation, that your personal data shall be subject to processing. In this case, please provide us with information about your particular situation. After the assessment of the facts presented by you we will either stop processing your personal data or present you our compelling legitimate grounds for an ongoing processing;
5. take legal actions in relation to any potential breach of your rights regarding the processing of your personal data, as well as lodge complaints before the competent data protection regulators;
6. require (i) to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and (ii) to transmit those data to another controller without hindrance from our side; where technically feasible you shall have the right to have the personal data transmitted directly from us to another controller; and/or
7. not to be subject to any automated decision making, including profiling (automatic decisions based on data processing by automatic means, for the purpose of assessing several personal aspects) which produce legal effects on you or affect you with similar significance.

You may (i) exercise the rights referred to above or (ii) pose any questions or (iii) make any complaints regarding our data processing by contacting us using the contact details set out below.

In the decision on the individual's request, the company will also inform the individual of the reasons for the decision and information about the right to appeal to the supervisory authority within 15 days of being informed of the decision. Individuals can exercise their right to file a complaint with the supervisory authority at: Information Commissioner of the Republic of Slovenia at the address: Dunajska cesta 22, 1000 Ljubljana (e-mail address: gp.ip@ip-rs.si, website: www.ip-rs.si).

Please submit any questions, concerns or comments you have about this privacy policy or any requests concerning your personal data by email to info@yourflare.io or info@getflare.eu.

The information you provide when contacting us will be processed to handle your request and will be erased when your request is completed. Alternatively, we will restrict the processing of the respective information in accordance with statutory retention requirements.

We reserve the right to change this policy from time to time by updating our application accordingly. Please visit the application regularly and check our current privacy policy. This policy was last updated on the 8th of March 2023.