- Data Controller
- The Data We Collect From You
- How We Use Your Data
- Who We Share Your Data With
- How Long We Retain Your Data
- Your Rights Relating to the Use of Your Data
- How We Secure Your Data
- Special Information for Individuals Located in the European Economic Area
- International Data Transfers
- Policy on Cookies and Similar Technologies
- Links to Third Party Sites
- Age Restrictions
- How to Contact Us
1. DATA CONTROLLER
Down provides services to users throughout the world. However, Down processes personal data inside of the United State only. Down does not transfer data of its users outside of the United States.
Down’s data controller is:
2212 Queen Anne Ave N 710
Seattle, Washington 98109
Regardless of your location, Down is the only controller of your personal data all your data is located within the United States, and none of it is transferred outside of the United States.
2. THE DATA WE COLLECT FROM YOU
In order for you to utilize our Services, including but not limited to, creating a user account and being matched with other users, we collect the following data from you:
2.1 Data You Provide
- Account Creation:Down collects certain personal data from you when you create or update your account and/or sign-up for the Services. This may include contact information (such as your full legal name, physical address, email address, gender, birthday, phone number), a photograph, occupation, current city, and payment and/or billing information (including your credit card number and billing address). To add certain content such as pictures to your account, you may grant us to access your device, including its camera or photo album. You may also provide what is classified as “special categories” of personal data under applicable law, such as your race, ethnicity, religion, philosophical or political views, and information relating to your sex life or sexual orientation. By choosing to provide this data, you consent to our processing of that data, which consent may be revoked by you at any time.
- Correspondence with Down: Down may collect personal data from you if you contact us for customer service purposes and to resolve any issues or answering any questions you may have. In addition, if you participate in any surveys or research groups, we will also be collecting your insights into our products and services, as well as responses to any questions or prompts included in such surveys or research groups. If you choose to enter into any contests we offer, we will also be collecting any data from you that is required to register for entry.
- Data You Provide Through Facebook: In order to register for certain Services, you will be asked to sign in using your Facebook account. If you do so, you are authorizing us to access and process certain private data connected with your Facebook account, including, your name, email address, birthday, work history, education history, current city, pictures stored on Facebook, and the names, profile pictures, relationship status, and data about your Facebook friends.
- Referrals: We encourage you to refer your friends to use our Services by sending us your friends’ email addresses or phone numbers. We will keep this data in our database, and enable you to send these friends a one-time email or text message from your device containing your name and inviting them to use our Services. This email will also include instructions on how to opt out and unsubscribe from our email list. You agree that you will not abuse this feature by entering the email addresses or phone numbers of those individuals who would not be interested in using our Services.
- Matching with Users: When you use our Services, and are matched with another user, you may be communicating with that other user. In such an instance, we may be receiving content on your behalf, anonymizing such data, then distributed it to another user.
2.2 Data We Automatically Collect When You Use the Services
When you access or use our Services, we automatically collect data about your use of the Services, including:
- Log Data: Whenever you user our Services, we collect data automatically that your browser sends to us that is called Log Data. This Log Data may include data such as your computer’s Internet Protocol (“IP”) address, browser version, pages of our website that you visit, the time and date of your visit, the time spent on those pages, and other statistics.
- Device Data: We collect and store data about the computer or mobile device you use to access our Services, including your mobile device's unique ID number (e.g., IMEI, AD ID), your geographic location, the hardware model, operating system and version.
- Email Data: Email messages we send to you may contain code that enables our database to track your usage of the e-mails, including whether the e-mail was opened and what links (if any) were clicked.
- Usage Data: We may collect data about your participation and actions within our Services, such as the accounts you view, how you browse the Services and related insights. It can also include the various functions and features that you use, the connections you make, others you invite or refer to the Services and searches you perform.
3. HOW WE USE YOUR DATA
We use the data that we have about you to provide to personalize our Services so that they can be more relevant and useful to you and others. We collect, store and use your personal data to provide our Services to you as follows:
3.1 Account Administration
Your personal data is necessary to allow you to utilize the basic functionality of the Services, which includes: (i) creating and updating your user account; (ii) verifying your identity; (iii) processing payments; (iv) providing you notices about your account, such as for renewal and expirations; (v) notifying you about changes to our Services; (vi) providing customer support, such as responding to emails, questions, comments, requests and/or complaints sent by you to Down; (vii) performing internal operations necessary to provide our services, including to troubleshoot software bugs and operational problems; (viii) investigating or addressing claims or disputes relating to your use of the Services, or as otherwise allowed by applicable law, or as requested by regulators, government entities, and official inquiries; (ix) storing information about your preferences so that we may customize our Services according to your individual interests; and (x) recognizing you when you return to our Services.
3.2 Matching Communications
When both you and your match explicitly express mutual interest by both clicking the “LIKE” button within the Services, we will seek to connect you with him/her by sending you a notification through the application. However, note that your match will now be aware of your actual phone number you provided to us as we do not share your phone number with your match during this process; all match communications are kept within the application for your protection. We will also share your first name at this time with your match. Your use of Down is not contingent upon agreeing to receive text messages.
3.3 Company Communications
We will contact you through email, mobile phone, notices posted on our websites or applications, messages to your account, and other ways through our Services, including text messages and push notifications. We will send you messages about the availability of our Services, security, or other service-related issues. We also send messages about how to use the Services, network updates, reminders, matches and promotional messages. You may change your communication preferences at any time. However, please be aware that you cannot opt-out of receiving service messages from us, including service announcements, security alerts, update notices, or other administrative messages.
3.4 Marketing & Advertising Communications
We may send emails to you for marketing and advertising purposes, such as for newsletters, new product offerings, special discounts, event notifications, and special third-party offers. You may opt-out of receiving promotional emails and other promotional communications from us at any time via the opt-out links provided in such communications, by e-mailing email@example.com or by visiting https://downapp.com/manage-my-data.
3.5 Online Surveys
We may periodically contact our users to conduct voluntary user surveys. We encourage our members to participate in such surveys because they provide us with important information regarding the improvement of Down. We do not link the survey responses to your name or email address, and all responses are anonymous.
3.6 Development of the Services
We use the private data we receive, including feedback, to: (i) monitor and analyze trends; (ii) further develop our Services in order to provide you and others with a better, more intuitive and personalized experience; (iii) drive membership growth and engagement on our Services; (iv) to better help match users to each other; (v) to speed up your searches; and (vi) to estimate our audience size and usage patterns.
3.7 Industry Related Research & Publications
We use the data gathered from you and about your use of our Services to continue our research into successful relationships, including how to create and foster these relationships, so that we may continue to improve our Services.. However, all of your responses will be kept anonymous, and we assure you that no personal data will be published. We may combine non-personally identifiable information (“non-PII”) we collect with additional non-PII collected from other sources for our blog. You can opt out of this at any time by emailing us at firstname.lastname@example.org or by visiting https://downapp.com/manage-my-data.
We use your data to help provide the Services to you, to further develop and personalize the Services, to be able to match you with other users, to be able to communicate with you, to conduct services, to conduct research, and to send you marketing communications. You have a right to opt-out of any marketing communications by clicking the link in the email to unsubscribe or by emailing us directly at email@example.com or by visiting https://downapp.com/manage-my-data.
5. HOW LONG WE RETAIN YOUR DATA
Down only retains user profile and other data as long as you have a user account and utilize the services. You may request deletion of your account at any time by emailing Down at firstname.lastname@example.org and making such request. Upon receipt of a request to delete your account and data, Down will delete your account within forty-eight (48) hours after request.
However, since we are subject to compliance with different laws in place around the world relating to regulatory, tax, insurance or other requirements in the field in which it operates, Down will maintain data related to the foregoing, which may include transaction history, for seven (7) years. Thereafter, Down will delete such data in accordance with applicable laws.
We maintain your personal data as long as you have an active user account. We can delete your user account upon request, but will still be required to maintain certain personal data to comply with legal obligations for a period of seven (7) years after removal of your account.
6. YOUR RIGHTS RELATING TO THE USE OF YOUR DATA
We at Down want you to have complete control of your data, and therefore, you always have the right to:
- Access any of your personal data we hold about you;
- Review and/or edit your personal data;
- Ask us to erase any personal data we hold about you;
- Ask us to not use your personal data for direct-marketing purposes;
- Restrict the way we process your personal data;
- Have your personal data provided to a third-party provider of services;
- Withdraw your consent at any time for any instances where you provided your consent;
- Have a copy of any personal data we hold about you; and
- Object to our processing of your personal data.
You may review or edit your profile as you wish by logging into your Down account. If you would like to have us delete your account information, we may do so by deactivating your account first and then permanently deleting your account – to do so, please email us at email@example.com or please visit https://downapp.com/manage-my-data to exercise the rights discussed above. If your account is deactivated or you ask to close your account, you will no longer be able to use the Services. We will use commercially reasonable efforts to honor your request; however, certain data may persist internally or for our administrative purposes subject to the records retention policy discussed in Section 5.
You can access, update and/or delete your personal data by visiting your account, emailing us at firstname.lastname@example.org or visiting https://downapp.com/manage-my-data. You have many choices about how your data is collected, used and shared and we will help facilitate any of those choices you wish to pursue. Even if you delete your account, however, certain personal data may be kept for record retention purposes as previously discussed in Section 5.
7. HOW WE SECURE YOUR DATA
We use Secure Sockets Layer (SSL) software to encrypt the data you enter on our Services in order to protect its security during the transmission of data. When storing data, we protect its security by encryption and pseudonymization of critical data. When our payment processor process credit card data and payments, the credit card is subject to tokenization and strong security measures.
We maintain physical, electronic and procedural safeguards in connection with the collection, storage and disclosure of personally identifiable customer data. Our security procedures require us in some cases to request proof of identity before disclosing personal data to you. To protect against unauthorized access to your account and data, we implement session management and login expiration mechanisms. As an additional safety measure, be sure to sign off when you finish using your account and your computer.
Although we use reasonable organizational, technical and administrative measures to protect your personal data, it is unfortunately true that no data transmission over the Internet can be guaranteed to be 100% secure. Consequently, please note that while we do our best to protect your personal data, we cannot fully guarantee the security of any personal data you transfer over the Internet. Any transmission of personal data is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained in our Services.
If you believe that your interaction with us is no longer secure or that your account has been otherwise compromised, please contact us immediately at email@example.com.
Our data transmissions are secured through encryption, and we also monitor for and try to prevent security breaches. However, no data transmissions over the Internet can ever be guaranteed to be 100% secured. Please use the security features available through our Services and do not hesitate to email us at firstname.lastname@example.org if you believe your account security has been compromised.
8. SPECIAL INFORMATION FOR INDIVIDUALS LOCATED IN THE EUROPEAN ECONOMIC AREA
Beginning May 25, 2018, the processing of personal data of users within the European Economic Area (EEA) is subject to the EU General Data Protection Regulation (“GDPR”). This section summarizes Down’s grounds for processing personal data under the GDPR, and the rights of such users as it relates to Down’s handling of personal data.
A. EU User Rights
If you are located within the EEA, you have the following rights with respect to how Down handles your data:
- Requesting Explanations of What Data of Yours Down Stores and How It Is Used - You have the right to request an explanation of the data that Down has about you and how Down uses that data.
- Requesting Copies of Your Data - You have the right to receive a copy of the data that Down collects about you if collected on the basis of consent or because Down requires the data to provide the services that you request.
- Requesting Correction to Your Data - If Down has data about you that you believe is inaccurate, you have the right to request correction of your data.
- Requesting Your Data to be Deleted - You may request deletion of your user account at any time by emailing us at email@example.com or visiting https://downapp.com/manage-my-data. We may retain certain data about you as required by law and for legitimate business purposes permitted by law, which is further discussed in Section 5.
- Requesting Your Data to be Transferred: Upon your request, we will transfer your data to a third party.
- Filing an Objection or Complaint – Users in the EAA have the right to object to Down’s processing of personal data, including for marketing purposes based on profiling and/or automated decision making. Down may continue to process your data notwithstanding the objection to the extent permitted under GDPR. Users in the EAA also have the right to file a complaint relating to Down’s handling of your personal data with their local Data Protection Authority (“DPA”). To find the best DPA to contact and lodge your complaint, please visit http://ec.europa.eu/justice/data-protection/article-29/structure/data-protection-authorities/index_en.htm. You may also submit complaints or objections directly to Down by emailing firstname.lastname@example.org.
In order to allow you to easily exercise any of your rights, we have created a page where you can submit any of the above request. The page can be found by visiting https://downapp.com/manage-my-data.
B. Legal Basis for Processing Your Data
The GDPR requires that companies processing the personal data of EEA users do so on the basis of specific legal grounds. As such, Down will only process your personal data in the following situations:
- The Processing is Necessary to Perform Our Contract with You. Down must collect and use certain data in order to provide its services that you have contracted with Down for. This includes user data that is necessary to establish and maintain your account, facilitate matching and processing payments. Collection and use of this data is a requirement for using Down’s services.
- The Processing is Necessary for Down’s Legitimate Interests. Down collects and uses personal data to the extent necessary for its legitimate interests, which includes: (i) to provide customer support; (ii) to optimize our service and develop new services; (iii) for research and analytical purposes; (iv) to enforce Down’s Terms of Service; and (v) to provide you notices about changes to our services.
- Your Explicit Consent is Given. Down may collect and use your data on the basis of your consent. For example, we rely on your consent for us to use your personal information to send you marketing information (such as our newsletters and promotional offers) by email, SMS, or telephone. You may revoke your consent at any time. If you revoke your consent, you will not be able to use any part of our Services that requires collection or use of the data we collected or used on the basis of your consent.
You have a right to: (i) requesting explanations of what data of yours down stores and how it is used; (ii) request copies of your personal data; (iii) request your data to be deleted; (iv) file a complaint about the use of your data; or (v) request your data to be transferred. Our legal basis for collecting, using and sharing your data include consent, contract and legitimate interest. If the legal basis is consent, then you may withdraw your consent at any time. If you wish to exercise any of your rights relating to control of your data, please email us at email@example.com or visit https://downapp.com/manage-my-data.
9. INTERNATIONAL DATA TRANSFERS
The personal data we collect may be transferred to, and processed and stored in, countries outside of the jurisdiction you are located in. For example, if you are located in a country with the EEA, your personal data may be processed in the United States. All international transfers of your personal data are made:
- To a country or territory ensuring an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data as determined by the European Commission;
- To a third party that is a member of a compliance scheme recognized as offering adequate protection for the rights and freedoms of data subjects as determined by the European Commission; or
- Pursuant to appropriate safeguards, such as the Standard Contractual Clauses (processors) approved by European Commission Decision C(2010)593 or any subsequent version thereof released by the European Commission or the EU-U.S. Privacy Shield.
If you wish to enquire further about these safeguards used, please send us an email at firstname.lastname@example.org.
All of our data is processed in the United States. If you are located outside of the United States, then your data is safely transferred to our processors located within the United States in accordance with all applicable laws
12. AGE RESTRICTIONS
Our Services are not intended for individuals under 18 years of age. No one under age 18 may provide any data to or on the Services. We do not knowingly collect personal data from individuals under 18. If you are under 18, do not use or provide any data on our website or on or through any of Services or provide any information about yourself to us, including your name, address, telephone number, email address, or any screen name or user name you may use. If we learn we have collected or received personal data from a person under age 18 without verification of parental consent, we will delete that information. If you believe we might have any data from or about a person under the age of 18, please contact us at email@example.com.
Our Services are not for individuals under the age of 18.
14. HOW TO CONTACT US
Please contact us with any questions, comments or concerns you may have.
15. CCPA Privacy Notice Addendum
For California Consumers
California Consumer Privacy Rights
We do not sell your personal information so no opt-out choice is necessary. What this means is that we do not sell, rent, release, disclose, disseminate, make available, transfer, or otherwise communicate in any way your personal information to another company for monetary or other valuable consideration.
You have the right to request, twice in a 12-month period, the following information about the personal information we have collected about you during the past 12 months:
- the categories and specific pieces of personal information we have collected about you;
- the categories of sources from which we collected the personal information;
- the business or commercial purpose for which we collected or sold the personal information;
- the categories of third parties with whom we shared the personal information; and the categories of personal information about you that we sold or disclosed for a business purpose, and the categories of third parties to whom we sold or disclosed that information for a business purpose.
You have the right to request that we delete the personal information we have collected from you. If you choose to exercise any of your rights under the CCPA, you have the right to not receive discriminatory treatment.
How to Submit a Request:To submit an access or deletion request,contact us as firstname.lastname@example.org. To help protect your privacy and maintain security, we take steps to verify your identity before granting you access to your personal information or complying with your request.