© 2019 Costs. All Rights Reserved.

PRIVACY POLICY

 

Effective date 25th of September, 2019

 

This Privacy Policy explains what personal data is collected when you ("you") use the Costs mobile application, provided by COSTS.EE OÜ ("we", "us"), and how such personal data will be used and shared.

 

Please read this Privacy Policy carefully before using Costs. We may update this Privacy Policy from time to time, and in this case we will notify you about it. Our Terms of Service are available at https://costs.ee/eula.

 

YOU ASSERT THAT YOU ARE EITHER OF LEGAL AGE (18 YEARS OLD), OR AN EMANCIPATED MINOR, OR POSSESS PROVABLE LEGAL CONSENT OF YOUR PARENT, CARETAKER OR GUARDIAN, AND THAT YOU HAVE THE POWER AND COMPETENCE TO ENTER INTO AND TO COMPLY WITH THESE TERMS OF SERVICE. IF YOU ARE UNDER THE AGE OF 13 YEARS OLD, PLEASE DO NOT USE COSTS.

    1. DEFINITIONS

    1.1. “Personal Data” means any data that could potentially be used to identify a particular person.

    1.2. “GDPR” means the General Data Protection Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.

    1.3. “EEA” includes all current member states to the European Union and the European Economic Area.

    1.4. “Process” or “Processing”, in respect of personal data, includes collection, storage, and disclosure to third parties.

 

    2. GENERAL

    2.1. We acknowledge and understand your privacy and make efforts to protect it against any unlawful Processing of your Personal Data. 

    2.2. We apply all necessary relevant technical and organizational measures to protect your Personal Data in accordance with the effective legislation. Processing includes protection against unauthorized or illegal processing, against accidental loss, destruction or damage while applying suitable technical and/or organizational measures. 

    2.3. Although we will take diligent efforts to ensure safe storage and processing of Personal Data, we cannot guarantee it to be 100% secure and risk-free. Unauthorized entry or use, hardware or software failure, and other factors, may compromise the security of your information at any time.

    3. CATEGORIES OF PERSONAL DATA COLLECTED

    3.1. Data provided by you. When you register for and/or use Costs, you provide us with your e-mail and password. When you decide to use the “Bank Cards” option of Costs, we WILL NOT collect your financial account’s login and password.

    3.2. Device data. We collect data about your mobile device. Examples of such data include device settings, model of a device, hardware ID, operating system, language settings, IP address, and time zone. 

    3.3. Usage data. We record how you interact with Costs. For example, the features and content you interact with the most, and how often you use Costs.

    3.4. Location data. If you have enabled location services on your mobile device, we collect location information in order to allow you to create user content (to save the location where a particular transaction happened). You can disable location services in your phone settings.

    3.5. Data provided by third parties. 

    3.5.1. When you use the Bank Cards option of Costs, we collect your financial account data, which includes bank transactions information and bank id. We use Salt Edge Inc. services for this purpose. Salt Edge privacy policy is available here

    3.5.2. When we send you information about Costs, such as special offers, we use the Mailchimp service, provided by Rocket Science Group LLC. When we send you e-mails through Mailchimp, we collect your PC data, PC operating system data, IP address, the time when you opened the e-mail and your browser ID. This data is stored only on Mailchimp servers. Mailchimp privacy policy is available here.

    3.6. System logs and maintenance. For operation and maintenance purposes, Costs may collect files that record interaction with the application (System logs) and use IP addresses for this purpose.

 

    4. PURPOSES FOR COLLECTION OF PERSONALLY IDENTIFIABLE DATA

    4.1. Provision of Service. We collect Personal Data to provide Costs and its services to you. It includes enabling you to use the Service in a seamless manner and preventing or addressing Service errors or technical issues.

    4.2. Communication regarding use of Service. We may communicate with you by push notifications or e-mails. Such communication may include messages and reminders encouraging you to use Costs, or other information about Costs. You may opt out of receiving push notifications by changing the settings on your mobile device. We may collect data concerning the date and time when the message was viewed by you, as well as when you interacted with it, such as by clicking on links included in the message.

    4.3. Management of accounts and provision of customer support. We process Personal Data to respond to your requests for technical support or to any other communication that you initiate. This includes accessing your account to address technical support requests. We may send you notifications or emails about the performance of Costs, its services, security, payment transactions, notices regarding Costs Terms of Service or this Privacy Policy.

    4.4. Sending of marketing communications. We process Personal Data for marketing purposes. You may receive information about products, such as special offers. We may also send push notifications for marketing purposes. To opt out of receiving push notifications, you need to change the settings on your device.

    4.5. To enforce our Terms of Service and to prevent and combat fraud. We use Personal Data to enforce agreements and contractual commitments, to detect, prevent, and combat fraud. We may share your information with others, including law enforcement agencies (in particular, if a dispute arises in connection with Terms of Service).

    4.6. Research and analysis of use of Costs. We perform research and analysis to maintain, improve, innovate, plan, design, analyze operations, and modernize Costs. This data is also used to test and improve offers and for statistical analysis purposes. It allows us to better understand which features users like more.

 

    5. INFORMATION FOR EEA BASED USERS

    5.1. Legal basis for processing of personally identifiable data. This section explains what legal basis we use for each particular purpose of processing. For more information on a particular purpose, please refer to Section 4 of this Privacy Policy. This section applies only to EEA-based Users. We process EEA-based Users’ personally identifiable data under the following legal bases:

    5.1.1. To perform our contract with users. Under this legal basis we:

    5.1.1.1. provide services embodied in Costs (in accordance with Costs Terms of Service);

    5.1.1.2. manage users’ accounts and provide users with customer support;

    5.1.1.3. communicate with users regarding use of Costs;

    5.1.2. For other legitimate interests, unless those interests are overridden by user’s interests or fundamental rights and freedoms that require protection of personal data. Costs relies on legitimate interests:

    5.1.2.1. to communicate with you regarding your use of Costs. This includes, for example, sending push notifications. Our legitimate interest here is to encourage users to use the Service more often. We also take into account the potential benefits to you of using Costs.

    5.1.2.2. to research and analyze your use of Costs. The legitimate interest for this purpose is our interest in improving Costs so that we understand users’ preferences and are able to provide users with a better experience.

    5.1.2.3. to send marketing communications. The legitimate interest we rely on for this processing is our interest in promoting Costs in a measured and appropriate way.

    5.1.2.4. to enforce Terms of Service and to prevent and combat fraud. The legitimate interests for this purpose are enforcing our legal rights, and preventing and addressing fraud, unauthorized use of Costs, and non-compliance with our Terms of Service.

    5.1.2.5. to comply with legal obligations.

    5.2. EEA-based user rights. Users who are based in the EEA have the following rights in addition to the above:

    5.2.1. Right to rectification. User has the right to request to rectify, without undue delay, any incorrect data pertaining to the respective User.

    5.2.2. Right to limitation of processing. User can limit the use of Personal Data collected.

    5.2.3. Right of access. User may request a copy of Personal Data collected during use of Costs at info@costs.ee.

    5.2.4. Objecting to or restricting the use of Personal Data. User can ask to stop using all or some portion of Personal Data or limit use thereof by requesting its erasure as described above or sending a request to info@costs.ee.

    5.2.5. The right to lodge a complaint with supervisory authority. User has the right to lodge a complaint with a competent data protection supervisory authority, in particular in the EU Member State where user resides, works or where the alleged infringement has taken place.

    5.2.6. The right to data portability. User can receive Personal Data in a machine-readable format by sending a respective request to info@costs.ee.

    5.3. Exercise the rights. To exercise your right to access, you have a right to request from us at any time:

    5.3.1. Confirmation as to whether Personal Data related to you is processed by us, the purpose of the Processing, the data category, and the recipients or categories of recipients such data is disclosed to.

    5.3.2. Information as to the logic of any automated processing of Personal Data pertaining to natural persons, at least in the case of automated decisions under the provisions of the GDPR.

    5.3.3. Upon request we provide information free of charge. However, we may charge a reasonable fee if a request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

    5.3.4. Upon filing of a request by an authorized person, the notarized power of attorney must be attached to the request.

    5.3.5. In case of death of the natural person, his / her rights are exercised by his / her heirs and the certificate of heirs shall be attached to the request. The heritage should be confirmed by a respective certificate, issued in the deceased person’s jurisdiction.

    5.3.6. We shall review and pronounce on the request within 1 month as of its filing. This period may be extended by a further two months, if necessary, for example, if your request is particularly complex or you have made a number of requests. We shall inform you as to any such extension within 1 month as of receipt of the request, stating the reasons for the delay. When you file a request by electronic means, the information is provided electronically, if possible, unless you have requested otherwise.

    5.3.7. We may provide an answer to the requesting person taking into account their preferred form for the provision of the information (orally or in writing - as a hard copy or electronically).

    5.3.8. Where data do not exist or their provision is forbidden by law, access of the requesting party to such data is refused.

    5.3.9. If you are not satisfied with the response received and / or believe that your rights related to Personal Data protection were violated, you are entitled to exercise your right to defense.

 

    6. DISCLOSURE OF PERSONAL DATA

    6.1. We may disclose Personal Data to the following categories of persons:

 

Service providers.

Acting as processor or controller based in the EEA but also around the world who provide - services and IT and system administration services. 

    a). Managing contacts and sending messages

    (1) Firebase Cloud Messaging (Google LLC). Firebase Cloud Messaging is a message sending service provided by Google LLC. Firebase Cloud Messaging allows us to send messages and notifications to users across platforms such as Android, iOS, and the web. Messages can be sent to single devices, groups of devices, or specific topics or user segments.

Personal Data collected: various types of Data as specified in the privacy policy of the service. 

Place of processing: United States – Privacy Policy. Privacy Shield participant. 

    (2) Mailchimp (Rocket Science Group LLC). Mailchimp is an e-mail sending service provided by Rocket Science Group LLC. Mailchimp allows us to send e-mails to users across the web.

Personal Data collected: e-mail. 

Place of processing: United States – Privacy Policy. Privacy Shield participant. 

 

    b). Hosting and back-end infrastructure

    (1) We use Amazon Web Services (Amazon Web Services Inc.) infrastructure to store your data. This service has the purpose of hosting data and files that enable Costs to run and be distributed as well as to provide a ready-made infrastructure to run specific features or parts of Costs.

Personal Data collected: various types of Data as specified in the privacy policy of the service. 

Place of processing: United States – Privacy Policy. Privacy Shield participant.

 

    c). Financial account synchronization 

    (1) We use Salt Edge, which enables us to connect with your bank accounts for purposes of providing services embodied in Costs. 

Personal Data collected: various types of Data as specified in the privacy policy of the service. 

Place of processing: Canada – Privacy Policy. Privacy Shield participant. 

 

    d). Application analytics.

    (1) Firebase Analytics (Google LLC). Analytics service provided by Google LLC. It allows us to gather analytics about the app usage.

Personal Data collected: various types of Data as specified in the privacy policy of the service. 

Place of processing: United States – Privacy Policy. Privacy Shield participant. 

    (2) Facebook Analytics. Analytics service provided by Facebook. It allows us to gather analytics about the app usage and Facebook Ads services.

Personal Data collected: various types of Data as specified in the privacy policy of the service. Place of processing: United States - https://www.facebook.com/policy.php.

    (3) Sentry. Sentry is a real-time error tracking service for web apps, mobile apps and games, which gives developers the insight needed to reproduce and fix crashes. Personal Data collected: various types of Data as specified in the privacy policy of the service. Place of processing: United States – https://sentry.io/privacy/

 

Professional advisors. 

Acting as a processor or joint controllers including lawyers, bankers, auditors and insurers based in Estonia who provide consultancy, banking, legal, insurance, and accounting services.

 

HM Revenue & Customs, regulators and other authorities.

Acting as a processor or joint controllers based in the EEA who require reporting of Processing activities in certain circumstances.

Third parties. 

Third parties to whom we may choose to sell, transfer, or merge parts of business or assets.

    6.2. We will never disclose Personal Data to persons to enable them to provide you with information regarding unrelated goods or services.

 

    7. PLACE

    7.1. Personal Data is processed at our operating offices and in any other places where the parties involved in the processing are located. Depending on your location, data transfers may involve transferring your Personal Data to a country other than your own. To find out more about the place of processing of such transferred data, you can check section 6 of this Privacy Policy.

    7.2. You are also entitled to learn about the legal basis of data transfers to a country outside the European Union or to any international organization governed by public international law or set up by two or more countries, such as the UN, and about the security measures taken by us to safeguard your data. If any such transfer takes place, you can find out more by checking the relevant sections of this Privacy Policy or inquire with the Owner using the information provided in the contact section.

 

    8. RETENTION TIME

    8.1. Personal Data shall be processed and stored for as long as required by the purpose they have been collected for.

    8.2. Personal Data collected for purposes related to the performance of a contract between you and us shall be retained until such contract has been fully performed.

    8.3. Personal Data collected for the purposes of our legitimate interests shall be retained as long as needed to fulfil such purposes. You may find specific information regarding the legitimate interests in this Privacy Policy.

    8.4. Once the retention period expires, your Personal Data shall be deleted. Therefore, the right to access, the right to erasure, the right to rectification and the right to data portability cannot be enforced after expiration of the retention period.

    9. AGE LIMITATION

    9.1. We do not knowingly Process any Personal Data from persons under 13 years of age. If you learn that anyone younger than 13 has provided us with Personal Data, please contact us at info@costs.ee.

    10. INFORMATION ON DATA CONTROLLER

    10.1. COSTS.EE OÜ, a company registered in Estonia (with registered office at Harju maakond, Tallinn, Kesklinna linnaosa, Roosikrantsi tn 11-256, 10119) will be the controller of your Personal Data. For any questions concerning your account or Personal Data, please contact us at info@costs.ee.