Privacy policy

This document provides information on how YOUR PASS, s.r.o., based at Prague 4 - Chodov, Türkova 2319/5b, the City of Prague district, postcode 149 00, Company ID: 24809888, file reference: C 176332 maintained by the Municipal Court in Prague (“Yourpass“ or “we”) maintains your privacy when you use the YourWallet mobile app as well as any other media form, media channel, mobile website or mobile application related, linked, or otherwise connected thereto (collectively, the “YourWallet” or “Application”). 

 

Who is responsible for data processing and whom you can contact. The primary person responsible for processing Your personal data is Yourpass. You can contact us anytime at  complaints@yourpass.eu. We will respond to your query as soon as practically possible but always in the statutory required time period.

The data collected by YourWallet. The application collects several categories of data as further described below in this document. Based on your use of the application, when you use it do display virtual card in .pkpass format, we are technically capable of connecting the data collected by the application with personal data provided to us by issuer of your virtual card (“Connected Services”). We are not merging data collected for different purposes nor share the data collected by the application with anyone for the purposes not described in this document.

 

Legal basis of processing: Yourpass processes personal data in accordance with the provisions of the European General Data Protection Regulation (“GDPR”) and the Czech Act No 110/2019 Sb. Personal Data Processing Act and any other data privacy legislations as may be applicable. For individuals from the European Economic Area (“EEA”), the requirements of the GDPR shall apply.  Yourpass, as the controller, collects and processes your personal data only where it has a legal basis for doing so under the GDPR..  Yourpass collects and processes your personal information where:

  • It satisfies a legitimate interest which is not overridden by your data protection interests or your fundamental rights and freedoms;

  • It is necessary to enable use of the application and protect the security of the application and connected services;

  • You provide your consent for a specific purpose; or

  • It is necessary to comply with a legal obligation.

Personal Data Collected Based on Consent. Location data.  We ask your consent to process the location data of your mobile device to provide you location based services connected with your virtual card in .pkpass format. Location data will be used to display different dynamic content of your virtual card based on your physical location.

Personal Data Collected for Legitimate Business Interest. We use the personal data collected by the application for legitimate business purposes, including in order to: (i) help us improve the application and develop new version of the application and the Connected Services (v) comply with any applicable law, court order, other judicial process, or the requirements of a regulator (vii) protect the rights, property or safety of us or third parties, including other users of the application or the Connected Services, (viii) provide support and network and information security for the Connected Services, (ix) to detect, prevent, mitigate and investigate fraud or illegal activities and monitor suspicious activity, and (x) as otherwise required or permitted by law.

What data protection rights do you have. Regardless of other rights you might have under the laws of your country, according to the GDPR and the Personal Data Processing Act you have: (i) right to information under Article 15 GDPR; (ii) right to rectification according to Article 16 GDP; (iii) right to deletion according to Article 17 GDPR; (iv) right to restriction of processing according to Article 18 GDPR; (v) right to object from Article 21 GDPR; as well as (vi) right to data portability from Article 20 GDPR. In addition, there is a right to lodge a complaint with a competent data protection supervisory authority (Article 77 GDPR).

Children’s Privacy. The application is not intended to be used by persons less than 13 years of age. We do not knowingly collect or process personal data of children, and we do not knowingly market the application to children. If you are under 13 years of age, do not use the application.

What categories of data YourWallet collects and how we use them (Purpose of processing). Depending on how you use the application, several categories of personal data may be collected and processed for the following purposes:

  • General use of the application: 

    • Image data obtained from your device’s camera to digitize your physical card by scanning a barcode (data not processed by Yourpass, remain on your device)

    • Unique identification of the device 

    • IP address: Collecting of your IP is inherent whenever the application connects to our severs, IP address is anonymized immediately upon collection by the process described at: https://support.google.com/analytics/answer/2763052?hl=en

    • Location data

  • Analytics and crash reporting:

    • Application data: information relating to how the application functions, crash reporting

    • Device data: information on hardware and operating system of your mobile device, it’s unique identifiers and unique  stateinformation

    • Location data: physical location of a device at the time of crash, 

    • Usage data: your behavioral actions within the application’s interface

How long will your personal data be processed. Yourpass processes and stores your personal data as long as it is necessary for the respective purpose. If the data are no longer required, they will be deleted regularly, unless their - temporary - further processing is necessary for purposes and within the scope of the statutory requirements.

Location of processing and transfer of your personal data. Your personal data will be transferred to and hosted on servers within the European Economic Area. Transfer of your personal data (for example when our 3rd party service providers need to access the data) will only happen to a country that the European Commission has decided provides adequate protection for personal data, to a recipient that has achieved binding corporate rules authorization in accordance with GDPR, to a recipient in the United States that has certified its compliance with the EU-US Privacy Shield, or to a recipient that has executed standard contractual clauses adopted or approved by the European Commission.

 

3rd party services. When processing your personal data, Yourpass shares data collected by application with following 3rd  parties (sub-processors):

  • Google. We use Google Analytics and Firebase Crashlytics services for analytics and crash reporting

Confidentiality of processing.  Yourpass maintains a strict confidentiality about your personal data and processes your personal data on the need to know basis and in the minimum extent required for the purposes outlined above. The same applies for 3rd party services used by Yourpass. 

 

Security. We have reasonable technical and organizational measures in place to protect against unauthorized or unlawful processing and against the accidental loss, destruction or damage of the information under our control. Data collected by the application are protected by physical, electronic and organizational procedures, including secure sockets layer (SSL) encryption technology. However, no data transmission over the Internet can be guaranteed as 100% secure or error free. 

Changes to this Privacy Policy. Please check this document on a regular basis to inform yourself of any changes. Business needs and information technology are constantly changing and we may, from time to time, make changes to the way we collect and process information. Revised policy will be effective on the date of effectivity as stated below.

 

Effective Date: 1.7.2020