QommAdd Privacy Policy

2.1. Information You Provide Directly to Us

When you register for or use our Services, you may provide us with the following personal information:

• Account Information: Your name, email address, username, and password.
• Profile Information: Optional details such as your biography, profile photos, interests, affiliations, and other information you choose to add to your profile.
• Communication Content: All content you create, upload, send, or receive through the Services, including messages, posts, event descriptions, comments, and files (e.g., images, videos, documents).
• Customer Support Information: Information you provide when you contact our customer support, including the content of your communications.
• Survey and Feedback Data: Information you provide when participating in surveys, contests, activities, or providing feedback about our Services.

2.2. Information Collected Automatically

When you access or use our Services, we automatically collect certain information about your device and usage patterns.

• Usage Data: Information about how you interact with our Services, such as the pages or channels you visit, features you use, activities you engage in, timestamps of your interactions, and your interactions with other users or bots.
• Device Information: Information about the device you use to access the Services, including your Internet Protocol (IP) address, device type, operating system, browser type, unique device identifiers, device settings (e.g., microphone and camera access), and crash data.
• Location Information: We may collect approximate location information (e.g., derived from your IP address). With your consent, we may also collect precise geolocation data from your device.
• Cookies and Similar Technologies: We use cookies, pixels, and web beacons to collect information about your browsing activities, preferences, and interactions with our Services. This helps us to personalize your experience, analyse usage, and improve our Services. You will be provided with a cookie consent banner allowing granular control over non-essential cookies.

2.3. Information from Third Parties

We may receive information about you from third-party services that integrate with QommAdd or from other sources.

• Integrated Services: If you link your QommAdd account with a third-party service (e.g., social media platforms), that service may provide us with certain information about your use of their service, as permitted by your settings and their privacy policies.
• Analytics and Marketing Partners: We may receive information from analytics platforms (e.g., Google Analytics) or marketing partners to help us understand user behavior and measure the effectiveness of our campaigns.

2.4. User-Generated Content (UGC)

As a community platform, QommAdd relies on user-generated content. This includes all digital assets you create and share, such as text messages, uploaded files (images, videos, documents), event details, and comments. The nature of a community platform means that this content is often shared among multiple users or made publicly available within specific community contexts.

3.1. To Provide and Maintain the Services

To create and manage your account, deliver core functionalities of QommAdd (e.g., real-time communication, event coordination), personalize your experience, and facilitate purchases (if applicable in the future). This processing is necessary for the performance of our contract with you.

3.2. To Improve and Develop Services

To understand user behavior and preferences, analyze usage trends, identify insights, and develop new features and products. This is based on our legitimate interest in continuously improving our Services.

3.3. For Security and Fraud Prevention

To investigate and prevent security issues, combat abuse and spam, detect and address suspicious activity, and ensure the overall security and integrity of our platform and user data. This is based on our legitimate interest in maintaining a secure service and complying with legal obligations.

3.4. For Customer Support

To respond to your inquiries, provide technical assistance, and address any issues you may encounter. This is necessary for the performance of our contract with you and based on our legitimate interest in providing effective customer service.

3.5. For Marketing and Communication

To send you service updates, new feature announcements, and other relevant communications. We will obtain your consent where legally required for marketing communications.

3.6. To Comply with Legal Obligations

To process and retain certain information as required by applicable laws, for potential legal claims, regulatory compliance, and in response to lawful governmental requests.

3.7. To Protect Vital Interests

In rare circumstances, we may collect or share information if we believe it is necessary to prevent serious harm to a person.

4.1. With Third-Party Service Providers

We engage various third-party service providers to perform functions on our behalf and to help us operate, provide, and improve the Services. These include:

• Cloud Hosting Providers: For data storage and infrastructure.
• Analytics and Tracking Tools: To analyze usage patterns and improve our Services.
• Customer Support Systems: To manage and respond to your inquiries.
• Communication APIs: To facilitate messaging and other communication features.
• Marketing and Email Services: To send communications and manage marketing campaigns.

We enter into legally binding Data Processing Agreements (DPAs) or Data Processing Addendums with all third-party service providers that process personal data on our behalf. These agreements ensure that our processors implement sufficient data protection measures, process data only on our instructions, and comply with applicable data protection laws.

4.2. For Legal Reasons

We may disclose your information if we believe it is necessary to:

• Comply with any applicable law, regulation, legal process, or governmental request.
• Enforce our Terms of Use, including investigation of potential violations.
• Detect, prevent, or otherwise address fraud, security, or technical issues.
• Protect the rights, property, or safety of QommAdd, our users, or the public as required or permitted by law.

4.3. In an Emergency

We may disclose information in an emergency if we believe it is necessary to prevent death or serious bodily harm to any person.

4.4. Business Transfers

In the event that QommAdd is involved in a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of its assets, your information may be transferred as part of that transaction. We will notify you of any such transfer and any changes to this Privacy Policy.

4.5. Aggregated or De-identified Information

We may share information that has been aggregated or de-identified so that it cannot reasonably be used to identify you. This information may be used for various purposes, including research, analytics, and improving our Services.

5.1. Standard Contractual Clauses (SCCs)

We utilize the European Commission's approved Standard Contractual Clauses, which are a common mechanism for ensuring adequate data protection during international transfers.

5.2. Adequacy Decisions

Transfers may occur to countries or specific sectors within countries that the European Commission has deemed to ensure an adequate level of data protection.

6.1. Right to Know/Access

You have the right to request a copy of the personal information we hold about you and information about how we use and share it.

6.2. Right to Rectification/Correction

You have the right to request that we correct any inaccurate or incomplete personal information we hold about you.

6.3. Right to Deletion/Erasure ("Right to be Forgotten")

You have the right to request the deletion of your personal information under certain circumstances. Please note that due to the nature of a community platform, some content you have shared may remain visible if it has been re-shared by others or is integral to public conversations, though your identifying profile information may be removed.

6.4. Right to Opt-Out of Sale/Sharing (California Specific)

If you are a California resident, you have the right to opt-out of the sale or sharing of your personal information, including via a user-enabled Global Privacy Control (GPC).

6.5. Right to Limit Use of Sensitive Personal Information (California Specific)

If you are a California resident, you have the right to limit the use and disclosure of your sensitive personal information to specific purposes.

6.6. Right to Data Portability

You have the right to receive your personal information in a structured, commonly used, and machine-readable format, and to transmit that data to another controller where technically feasible.

6.7. Right to Object to Processing

You have the right to object to the processing of your personal information under certain conditions, particularly where processing is based on legitimate interests or for direct marketing.

6.8. Right to Withdraw Consent

Where we rely on your consent to process your personal information, you have the right to withdraw that consent at any time. This will not affect the lawfulness of processing based on consent before its withdrawal.

8.1. Encryption

We use comprehensive encryption protocols for data both in transit (e.g., SSL/TLS) and at rest.

8.2. Access Controls

Strict access controls are implemented, limiting internal access to personal data based on roles and necessity.

8.3. Regular Security Audits and Testing

We conduct periodic security audits, including penetration testing, to identify and address vulnerabilities.

8.4. Incident Response Plan

We maintain a well-defined incident response plan to promptly detect, report, and mitigate data breaches.

8.5. Employee Training

Our employees are regularly trained on data protection requirements and the importance of maintaining the security and confidentiality of personal information.

9.1. Account and Profile Data

Retained as long as your account is active. Upon account termination, we will delete or anonymize your personal information within 30 days, subject to legal or regulatory requirements.

9.2. Usage Logs and Analytics Data

Typically retained for 12-24 months for service improvement and analytics.

9.3. Legal and Financial Records

Retained as per regulatory requirements.

9.4. User-Generated Content

Retention policies for user-generated content may vary based on the nature of the content and community settings. We will provide clear instructions for users to request data deletion.