Why and who?

This Privacy Notice describes the privacy practices of Appic Management S.à r.l. (“Appic", "we", "us", "our") and our subsidiaries and affiliates (together the “Appic Group”).

Appic cares about privacy and protecting the Personal Data handled by us. In this Privacy Notice we describe how and the purposes for which we use your Personal Data as well as on what lawful basis we use and what measures we take to protect Personal Data. We also provide information on how you can exercise the rights you have linked to our Processing of Personal Data.

Appic is the Controller of all Personal Data listed in this Privacy Notice.

Appic acquires, developsand markets software, mobile and web-based applications that operate on Apple’s App Store and Google’s Play Store, amongst other platforms.

Intended recipient

This Privacy Notice explains how we handle the personal information of:

1. Business owners and developers who look to sell their mobile applications to us; and

2. Consumers who interact with us or mobile applications in our portfolio (“Portfolio Apps”) through the App Store or Google Play or visit our website: www.appic.io, or other sites we own and operate.

If you buy products or services from one of our Portfolio Apps, this Privacy Notice explains how we will process your information. The Processing of your information is also governed by the privacy statements of the App Store and Google Play. Depending on the territory in which you are located, other privacy policies or statements may apply.

Some of our Portfolio Apps may also have direct-to-consumer websites that have their own specific privacy notices and policies. Where applicable, our Processing of the information we collect on the Portfolio Apps’ sites is governed by the privacy notices and policies of those Portfolio Apps.

Definitions

"Applicable Law" refers to the legislation applicable to the Processing of Personal Data, including Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (“GDPR”), supplementary national legislation, as well as practices, guidelines and recommendations issued by a national or EU supervisory authority.

"Controller" is the company/organisation that decides for what purposes and in what way personal data is to be processed and is responsible for the Processing of Personal Data in accordance with Applicable Law.

"Data Subject" is the living, natural person whose Personal Data is being processed.

"Personal Data" is all information relating, directly or indirectly, to an identifiable natural person.

"Processing" means any operation or set of operations which is performed on Personal Data, e.g. storage, modification, reading, handover and similar.

"Processor" is the company/organisation that processes Personal Data on behalf of the Controller and can therefore only process the Personal Data according to the instructions of the Controller and the Applicable Law.

The definitions above shall apply in the Privacy Notice regardless if they are capitalised or not.

Appic's role as a Controller

The information in this Privacy Notice covers Personal Data Processing for which Appic is the Controller. As a Controller we are responsible for the Processing for which we decide the purpose of and the means for the Processing (what methods, what Personal Data and for how long it is stored). This Privacy Notice does not describe how we Process Personal Data in the role of a Processor - i.e. when we process Personal Data on behalf of our customers.

Appic's Processing of Personal Data

We have a responsibility to describe and demonstrate how we fulfil the requirements that are imposed on us when we Process your Personal Data. This section aims to give you an understanding of what type of Personal Data we Process, how and why we do it.

Data we collect about you

There are several different reasons why we may need to collect, manage and save your data. The main purpose of the data processing undertaken by us is to provide, carry out and improve the services offered by us and/or our Portfolio Apps to you.

We mainly process the following types of Personal Data:

• Identity Data: first name, last name, maiden name, username or similar identifier, marital status, title, date of birth gender.
• Contact Data: billing address, delivery address, email address and telephone numbers.
• Financial Data: bank account and payment card details.
• Transaction Data: includes details about payments to and from you and details of in-App purchases.
• Device Data: includes the type of mobile device you use, a unique device identifier (for example, your device's IMEI number, the MAC address of the device's wireless network interface, the Internet Protocol (IP) Address assigned to your device, or the mobile phone number used by the Device), mobile network information, your mobile operating system, the type of mobile browser you use, and/or time zone setting.
• Content Data: includes information stored on your device, including friends' lists, login information, photos, videos or other digital content, and/or check-ins.
• Profile Data: includes your username and password, in-App purchase history, your interests, preferences, feedback and survey responses.
• Usage Data: includes details of your use of any of our Apps or your visits to any of our websites including, but not limited to, traffic data and other communication data, whether this is required for our own billing purposes or otherwise and the resources that you access.
• Marketing and Communications Data: includes your preferences in receiving marketing from us and our third parties and your communication preferences.
• Location Data: includes your current location disclosed by GPS technology.

How do we get access to your Personal Data?

We collect your Personal Data in a number of different ways. We mainly get access to your Personal Data:

• Information you give us. This is information (including Identity, Contact, Financial, and Marketing and Communications Data) you consent to giving us about you by filling in forms on the Portfolio Apps and/or our websites, or by corresponding with us (for example, by email or chat). It includes information you provide when you register to use a Portfolio App, download or register a Portfolio App, subscribe to any of our services, make an in-App purchase, share data via a Portfolio App's social media functions, enter a competition, promotion or survey and when you report a problem with a Portfolio App, our services, or any of our websites. If you contact us, we will keep a record of that correspondence.
• Business Acquisition. This is information we acquire in the context of an acquisition of a mobile application business and the Personal Data associated with that acquired business.
• Information we collect about you and your device. Each time you visit one of our websites or use one of our Portfolio Apps we will automatically collect personal data including Device, Content and Usage Data. We collect this data using cookies and other similar technologies. Please see our Cookie Policy here for more information.
• Location Data. We also use GPS technology to determine your current location. Some of our location-enabled services require your Personal Data for the feature to work. If you wish to use the particular feature, you will be asked to consent to your data being used for this purpose. You can withdraw your consent at any time by disabling Location Data in your settings.
• Information we receive from other sources including third parties and publicly available sources. We will receive Personal Data about you from various third parties and public sources as set out below:
• • Identity and Contact Data from:
  • • social media e.g. Facebook or LinkedIn
    • publicly available sources like regulators and corporate registers
  • Device Data from:
  • • Analytics providers
    • Search engines
    • Our security systems and data logs
  • Contact, Financial and Transaction Data from:
  • • providers of technical, payment and delivery services
    • credit rating agencies

How we use your Personal Data

In order for us to be able to process your Personal Data, it is required that we have so-called legal basis for each process. In our business, we process your Personal Data mainly on the following grounds:

Consent: Appic may process your personal data after you have given your consent to the Processing. Information regarding the processing is always provided in connection to the request of consent.

Performance of a contract: The Processing is necessary for the performance of a contract entered between us and the Data Subject, or to prepare for entering into an agreement with the Data Subject.

Legitimate interest: Appic may process Personal Data if we have assessed that a legitimate interest overrides the interest of fundamental rights and freedoms of the Data Subject, and if the processing is necessary for the purpose in question.

Legal obligation: We are required by laws and regulations to process Personal Data as a result of our business.

Purposes for which we will use your Personal Data

Examples of the specific purpose or activity that we will use your Personal Data for, the type of Personal Data and the lawful basis for Processing that data are set out below. This is a non-exhaustive list.

For how long do we store your Personal Data?

We will keep your Personal Data as long as it is necessary for the purpose for which it was collected. Depending on the lawful basis on which we support the Processing, this may: (a) be regulated in a contract, (b) be dependent on valid consent, (c) be stated in legislation, or (d) following an internal assessment, be based on a legitimate interest assessment (“LIA”).

For purposes of compliance with applicable legislation (including tax) we are required by law to keep some basic information about our customers (including Contact, Identity, Financial and Transaction Data) for six years after they cease being customers.

We never store your Personal Data longer than is necessary and delete Personal Data regularly. Appic also takes reasonable actions to keep Personal Data updated and to delete outdated and otherwise incorrect or redundant Personal Data.

In some circumstances we will anonymise your Personal Data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.

In the event that you do not use a Portfolio App for a period of six years then we will treat the account as expired and your Personal Data may be deleted.

Your rights

You are the one in control of your Personal Data and we always strive to ensure that you can exercise your rights as efficiently and smoothly as possible.

Access: You always have the right to receive information about the Processing of data that concerns you. We only provide information if we have been able to verify that it is you that is requesting the information.

Rectification: If you find that the Personal Data we process about you is incorrect, let us know and we will fix it!

Erasure: Do you want us to completely forget about you? You have the right to be forgotten and request deletion of your Personal Data when the Processing is no longer necessary for the purpose for which it was collected. If we are required to retain your information under applicable law or a contract that we have entered with you, we will ensure that it is processed only for the specific purpose set forth in such applicable law or contract. We will thereafter erase the information as soon as possible.

Objections: Do you disagree with our assessment that a legitimate interest for Processing your Personal Data overrides your interest in protecting your privacy? Don't worry - in such case, we will review our LIA. Of course, we add your objection to the balance and make a new assessment to see if we can still justify our Processing of your Personal Data. If you object to direct marketing, we will immediately delete your personal information without making an assessment.

Restriction: You can also ask us to restrict our Processing of your Personal Data:

• whilst we are Processing a request from you for any of your other rights;
• if, instead of requesting erasure, you want us to limit the Processing of Personal Data for a specific purpose. For example, if you do not want us to send advertising to you in the future, we still need to save your name in order to know that we should not contact you; or
• in cases where we no longer need the information in relation to the purpose for which it was collected, provided that you do not have an interest in retaining it to make a legal claim.

Data portability: We may provide you with the data that you have submitted to us or that we have received from you in connection with a contract that we have entered with you. You will receive your information in a commonly used and machine-readable format that you can transfer to another personal data manager.

Withdraw consent: If you have given consent to one or several specific Processing(s) of your Personal Data, you have the right to withdraw your consent at any time and thus ask us to terminate the Processing immediately. Please note that you can only withdraw your consent for future Processing of Personal Data and not for Processing that has already taken place.

How you use your rights

Contact us at legal@appic.io and we will help you.

Transfer of personal data

In order to run our business, we may need help from others who will process Personal Data on our behalf, so-called Processors.

In cases where our Processors transfer Personal Data outside the EU/EEA, we have ensured that the level of protection is adequate, and in compliance with Applicable Law, by controlling that either of the following requirements are fulfilled:

• the EU Commission has determined that the level of protection is adequate in the third country where the data is processed;

• the Processor has signed up to the EU Commission's standard contract clauses (SCCs) for data transfer to non-EU/EEA countries; or

• the Processor has taken other appropriate safeguards prior to the transfer and that such safeguards comply with Applicable law.

We may also need to disclose your personal information to certain designated authorities in order to fulfil obligations under applicable law or legally binding judgements.

Our processors

Appic does not sell your Personal Data to third parties and of course we do not share your Personal Data with just anyone. However, in some cases we may need to share your Personal Data with selected third parties. If so, we make sure that the transfer happens in a secure way that protects your privacy. Set out below are categories of recipients with whom we may share your data.

1. Within our group. We may share your personal information between our subsidiaries and affiliates for the purposes of monitoring and optimising business performance and to improve the services which we provide to our customers

2. Service providers. We may share your personal information with third-party companies and individuals that provide services on our behalf or help us operate our website and services (such as customer support, hosting, analytics, email delivery, marketing, and database management services).

3. Professional advisors. We may disclose your personal information to professional advisors, such as lawyers, bankers, auditors and insurers, where necessary in the course of the professional services that they render to us.

4. For compliance, fraud prevention and safety. We may share your personal information for the compliance, fraud prevention and safety purposes described above.

5. Business transfers. We may sell, transfer or otherwise share some or all of our business or assets, including your personal information, in connection with a business transaction (or potential business transaction) such as a corporatedivestiture, merger, consolidation, acquisition, reorganization or sale of assets, or in the event of bankruptcy or dissolution. In such a case, we will make reasonable efforts to require the recipient to honour this Privacy Notice.

Other sites, mobile applications and services

Our website may contain links to other websites, mobile applications, and other online services operated by third parties. These links are not an endorsement of, or representation that we are affiliated with, any third party. In addition, our content may be included on web pages or in mobile applications or online services that are not associated with us. We do not control third party websites, mobile applications or online services, and we are not responsible for their actions. Other websites and services follow different rules regarding the collection, use and sharing of your personal information. We encourage you to read the privacy policies of the other websites and mobile applications and online services you use.

Security measures

We use reasonable organizational, technical and administrative measures designed toprotect against unauthorized access, misuse, loss, disclosure, alteration and destruction of personal information we maintain.

Unfortunately, data transmission over the Internet cannot be guaranteed as completely secure. Therefore, while we strive to protect your personal information, we cannot guarantee the security of personal information. In the event that we are required to notify you about a situation involving your data, we may do so by email or telephone to the extent permitted by law.

If we don't keep our promise

If you think that we are not Processing your Personal Data correctly, even after you have notified us of this, you are always entitled to submit your complaint to the Luxembourg Authority for Privacy Protection.

More information about our obligations and your rights can be found at www.cnpd.lu.

‍You can contact the authority via e-mail at: info@cnpd.lu.

Changes to this Privacy Notice

We reserve the rights to make changes to this Privacy Notice. In the event that the change affects our obligations or your rights, we will inform you about the changes in advance so that you are given the opportunity to take a position on the updated notice.

Contact

Please contact us at legal@appic.io if you have questions about your rights or if you have any other questions about how we process your personal information.

Additional information for consumers located in California

This section applies only to California residents. For purposes of this section, “Personal Information” has the meaning given in the California Consumer Privacy Act of 2018 (“CCPA”) but does not include information exempted from the scope of the CCPA.

​Please note that the www.appic.io website is designed for businesses and not intended for personal or household use. ​Accordingly, we treat all personal information about any visitors to www.appic.io as pertaining to individuals acting as business representatives, rather than in their personal capacity. ​

We do not sell personal information. Like most companies, we use cookies and other tracking tools to analyze website traffic and facilitate advertising. If you would like to opt out of our (and our third party advertising partners) use of cookies and other tracking technologies, please review the instructions provided in our Cookie Policy here.