The App and Sites are global, and your information will be sent to and used in the United States and the UK regardless of the country you reside in. This Policy explains how we protect your personal data when we transfer it overseas, so please read very carefully!
The App and Sites are operated by the “Raaynbo Company” (also referred to in this policy as “we” or “us”) which includes Heartlox Limited, Raaynbo Limited and The Raaynbo Company, all of which are controllers of personal information collected and processed through the Heartlox App and Sites.
The Raaynbo Company has designated a Data Protection Officer and they can be reached by emailing firstname.lastname@example.org.
When you download the App and create an account (“Account”), we may collect certain information (“Registration Information”) about you, such as:
Date of birth;
Login information for social media accounts that you connect to your Heartlox Account (this could include, for example, your Raaynbo and Pix All Stars accounts). For more information about this, see “Linking other Accounts to Heartlox” in section 7 below.
You will also be required to create a password in connection with the registration of your Account. Once you register, you will be able to review and change this information at any time just by logging in to Heartlox (other than your date of birth and location (which, if you have given Heartlox access to your location in your device settings, is automatically updated based on the location of your device)). It is your responsibility to ensure that your account details are kept up to date. If your phone number changes, please ensure that you update this in your account.
The information we collect helps to enhance the App and verify our Users (robots are not welcome!). Registration Information such as your sexual preference, name and username may be visible to other Users who view your profile page.
For Users who are California residents, the data we may collect falls within the following categories of “personal information”, as defined by the California Consumer Privacy Act (CCPA):
Identifiers, such as name and location;
Personal information, as defined in the California customer records law, such as contact (including email and telephone number) and financial information;
Characteristics of protected classifications under California or federal law (if you choose to provide them), such as age, gender identity, marital status, sexual orientation, race, ancestry, national origin, religion, and medical conditions;
Commercial information, such as transaction information and purchase history;
Biometric information (not relevant here);
Internet or network activity information, such as browsing history and interactions with our Sites and App;
Geolocation data, such as mobile device location;
Audio, electronic, visual and similar information, such as photos and videos;
Professional or employment-related information, such as work history and prior employer;
Non-public education information; and
Inferences drawn from any of the personal information listed above to create a profile or summary about, for example, an individual’s preferences and characteristics.
We recommend and encourage you (and all our members) to think carefully about the information you disclose about yourself. We also do not recommend that you put email addresses, URLs, instant messaging details, phone numbers, full names or addresses, credit card details, national identity numbers, drivers’ licence details and other sensitive information which is open to abuse and misuse on your profile.
When you post information about yourself or use the messaging function to communicate with other Users, the amount of personal information you share is at your own risk. Please see Section 4 below for more information on who can access what you post on Heartlox.
For safety and security and to ensure you have the best possible user experience, we require Users to verify their accounts and might ask for your phone number and, in some instances, we might also ask that you carry out photo verification. We want to make sure you are not a robot! And we also want to avoid fake Heartlox accounts being created which can be used for malicious activities and cybercrime – they threaten the Heartlox network and spoil things for everyone. This verification might be required by us for the prevention of fraud. You can also verify your photo on a voluntary basis (to add the blue ‘verified’ badge to your profile).
If you decide to purchase any of our premium services, we will process your payment information and retain this securely for the prevention of fraud and for audit/tax purposes.
Heartlox uses automated decisions to prevent fraudulent payment transactions being processed as part of its anti-fraud procedures. In order to do this, our systems check payment transactions for behaviour that indicates breaches of our Terms and Conditions of Use. If a transaction meets certain criteria that demonstrate that the Terms and Conditions of Use are likely to have been breached and the transaction is likely to be fraudulent, the relevant transaction may automatically be blocked. Where a transaction is blocked, the user will be notified that their transaction cannot be processed and affected Users can contact Heartlox to contest the decision.
Please note that if your account is blocked for any reason, any account(s) that you have on other Heartlox platforms/applications, such as Raaynbo, may also be blocked as part of our anti-spam and anti-fraud procedures.
If you have given Heartlox access to your location in your device settings, when you use your mobile, we will collect information about WiFi access points as well as other location information about your longitude and latitude and may save your device’s coordinates to offer certain features to you. This information helps us identify your physical location and we use it to personalise the App and make it easier for you to interact with other Users, by enabling the general locality information to be displayed to Users seeing your profile and showing you the profiles of other Users who are near you.
If you have given Heartlox access to your location, but wish to turn this off, you can do so by the following methods:
iPhone app — settings, privacy, location services, Heartlox
Android — settings, location, Heartlox, permissions, location
We may collect information about your device when you use the App including the unique device identifier, device model, operating system, and MAC address, for a number of purposes, as set out in this policy. In addition, if you permit us to do so, the App may access your device’s address book solely in order to add someone to your contacts.
We may keep track of how you interact with links available on Heartlox including third party services by redirecting clicks or through other means. We may share aggregate click statistics such as how many times a particular link was clicked on.
From time to time, we run surveys for research purposes and we may contact you to find out if you would like to take part. We may also contact you to find out if you would like to provide feedback, a testimonial or take part in marketing campaigns (for example, if you let us know that you have found a match on the App, we may contact you to ask if you would be happy to feature in advertising for Heartlox). Such surveys and marketing campaigns are optional and more information will be provided at the point of contact. If you do not wish to be contacted to take part in a survey or marketing campaign, please contact our Customer Support Team via our Feedback Page.
If you contact our Customer Support team via our Feedback Page, we will receive your email address, and may track your IP address, as well as the information you send to us to help resolve your query. We will keep records of our communications with you, including any complaints that we receive from you about other Users (and from other Users about you) for 6 years after deletion of your account.
When you visit our Sites or when you use our App, we may collect personal data from you automatically by using cookies or similar technologies. A cookie is a small file that can be placed on your device or browser that allows us to recognise and remember you.
Our main goal is to ensure your experience on Heartlox is an enjoyable one and you don’t end up getting stung! In order to deliver an enjoyable experience to you, we may use your Registration and other information to:
offer you our services and features;
contact you with information about the App (e.g., updates and new features);
personalise the App/Sites and the content we deliver to you;
conduct research and analytics about how you use and interact with the App/Sites;
resolve disputes, troubleshoot problems and to enforce our Terms & Conditions;
investigate fraud, protect our legal rights, and to enforce our Terms & Conditions.
to send you information about the promotions and offers we have available - if you’ve signed up for our newsletters or otherwise told us it’s OK (you can withdraw this consent at any time via Settings in the App or by using the opt-out mechanisms and links provided in each message); and
protect our Users and third parties from harm.
We use a combination of automated systems and a team of moderators to monitor and review accounts (including photos and any other information uploaded onto user profiles) and messages for content that indicates breaches of our Terms and Conditions of Use. If an account or message meets certain criteria that demonstrate that the Terms and Conditions of Use are likely to have been breached, the relevant account will be subject to a warning and the user’s access restricted and/or blocked. Affected Users can contact Heartlox to contest the decision.
If you post anything that is inconsistent with our Terms and Conditions of Use, we reserve the right to terminate or restrict access to your Account.
Under EU and UK data protection laws, we are required to tell you our lawful basis for using your data and we have set this out in the table below. Where the legal basis is consent, you can withdraw consent at any time. Where the legal basis is legitimate interests, you have a right to object to our use of your data. We explain in the relevant sections in this Policy how you can withdraw consent or opt-out of certain data uses (where applicable).
To provide you with the Heartlox social networking service
Name, email address, date of birth, location (CCPA Categories A and B)
You provide your name, email address and date of birth to us. We obtain location data from the device that you use to access the service
To facilitate networking opportunities on the Heartlox App
Optional information that you choose to provide in your profile, including through profile verification, or adding Heartlox badges, which may include information about your sexual preferences, non-binary gender, religion, ethnic background, photos etc. (CCPA Categories C, H, I, J)
You provide this information to us
To verify your identity and prevent fraud and to ensure the safety and security of Users
Phone number and if requested, photo provided as part of profile verification (CCPA Categories B and H)
You provide this information to us
Legitimate interests – it is in our legitimate interests to ensure that accounts are not set up fraudulently and to safeguard Users of the site
To take payment for premium services (not applicable for Users making payments via the Apple App Store)
Payment card details (CCPA Categories B and D)
You provide this information to us
To send you marketing information about our offers and services
Email address and mobile phone number (CCPA Category B)
You provide this information to us
To show you other Users near you
WiFi access points and location data when you use the App (if you give us permission) (CCPA Category G)
We obtain this information from the device that you use to access the service (if you give us permission)
Legitimate interests – it is in our legitimate interests to provide this functionality as part of the services
To carry out research and analysis to help us improve the App
Log and usage data, including IP address, browser type, referring domain, pages accessed, mobile carrier and search terms, images and video (CCPA Categories F and H)
You provide photos and videos to us. We obtain the log and usage information from the device that you use to access the service
Legitimate interests – it is in our interests to analyse the way in which Users are accessing and using our services so that we can further develop the App, implement security measures and improve the service
To respond to correspondence and queries that you submit to us, including social media queries
Email address and IP address, social media name, phone number (CCPA Categories B and F)
You provide your email address, social media name and phone number to us when you contact us and we obtain your IP address from the device that you use to contact us
Legitimate interests – it is in our legitimate interests to respond to your queries to ensure that we provide a good service to Users and troubleshoot problems
To block accounts as part of our anti-spam procedures
Email address, phone number, IP address and IP session information, social network ID, username, user agent string (CCPA Categories B and F)
You provide your email address, phone number and username to us. We obtain the other information from the device that you use to access the service
Legitimate interests – it is in our legitimate interests to prevent unauthorised behaviour and to maintain the safety and security of our services
To investigate and block Users for reported infringements of our Terms and Conditions of Use
Name and user registration details, profile information, content of messages and photographs (CCPA Categories A, B, C, E, and H)
You provide your name, profile content and activities on the App to us
Legitimate interests - it is in our legitimate interests to prevent unauthorised behaviour and to maintain the safety and integrity of our services
To enable Users to create and enhance their Heartlox profile and log into the App via third party accounts
We obtain this information from Raaynbo, or the providers of any other accounts you use to log in or connect with your Heartlox account
Legitimate interests – it is in our legitimate interests to facilitate access to our services
To block payment transactions as part of our anti-fraud procedures
Name, IP address, email address, mobile number, cardholder name, payments received, type of payment, user ID, country (CCPA Categories, A, B, and D)
You provide your name, email address, mobile number and card details to us. We obtain your IP address from the device that you use to contact us. We obtain your payment information from your interactions with our service
Legitimate interests – it is in our legitimate interests to prevent fraudulent transactions and to maintain the security of our services
To serve promo cards and advertisements on the App
Location, gender, age, and information that you have optionally provided us with via your profile (CCPA Categories A, C and G)
We obtain age, gender and profile information from you, and location data from the device that you use to access the service
Legitimate interests – it is in our legitimate interests to target advertisements so that Users see relevant advertisements and to allow us to generate income from advertising revenue
To serve advertisements on third party networks and measure the effectiveness of such ads
Data about your visit to our Sites or App and action taken on those (for example if you downloaded our App or created an account with Heartlox), IP address (and your estimated location based on your IP address), age and gender, device ID (CCPA Categories B, C, G, F and K)
We obtain age and gender from you and we obtain other information from the device or browser that you use to access the service
Consent – as indicated by you in your Privacy Settings/Cookies Settings preferences and via your browser or device privacy preferences (where required by your device manufacturer, for example Apple devices using iOS 14.5).
To contact you in order to run surveys for research purposes and to obtain feedback, and to find out if you want to take part in marketing campaigns
Email address and mobile phone number (CCPA Category B)
You provide this information to us
Legitimate interests – it is in our legitimate interests to carry out research so that we can further develop the app and improve the service
To enable video and audio call functions, and the sending of images and video
Video and audio call usage data, images and video* (CCPA Categories F and H)*If you use the Snap Lenses feature offered in our App on an Apple device (and give Heartlox camera access), we may use information from Apple’s TrueDepth camera. Information from the TrueDepth camera is only used in real time to improve the quality of the Snap Lenses feature. We don’t store this information on our servers or share it with third parties.
We obtain this information from the device that you use to access the service
Legitimate interests – it is in our legitimate interests to provide these functionalities as part of the services
To defend legal claims, protect legal rights and to protect people from harm
This could include any information that is relevant to the issue
This information may be obtained directly from you, from your device or from third parties, depending on the information involved
Legitimate interests – it is in our legitimate interests to protect our legal rights, defend legal claims and to protect our Users and third parties from harm
Our policy is to not disclose your Registration Information or personal data, except in the limited circumstances described here:
Service Providers – We engage certain trusted third parties to perform functions and provide services to us. We may share your Registration Information or personal data with these third parties, but only for the purposes of performing these functions and providing such services. More information about this is available directly below.
This could include all data, including all CCPA Categories listed above
Moderators – To monitor activity on the App and approve content.
Name and user registration details, profile information, content of messages and photographs (CCPA Categories A, B, C, E, and H)
Payment Processing and Telecommunications Companies – To facilitate payments for our premium services.
Cardholder name, cardholder address, card number, payment amount, transaction date/time (CCPA Categories A, B, and D)
Law and Harm – As we mentioned in the Terms & Conditions, we think it is very important that all Users behave whilst using the App. We will cooperate with all third parties to enforce their intellectual property or other rights. We will also cooperate with law enforcement enquiries from within or outside your country of residence where we are required to by law, where there is an investigation into alleged criminal behaviour or to protect the vital interests of a person. This may include preserving or disclosing any of your information, including your Registration Information, if we believe in good faith that it is necessary to comply with a law or regulation, or when we believe that disclosure is necessary to comply with a judicial proceeding, court order, or legal request; to protect the safety of any person; to address fraud, security or technical issues e.g. through anti-spam providers to protect the service from criminal activity or to protect our rights or property or those of third parties. In such cases we may raise or waive any legal objection or right available to us.
This could include any personal data that Heartlox holds about you, depending on the nature of the request or the issue that we are dealing with, including all CCPA Categories listed above
Business Transfers – In the event that a Heartlox Group entity or any of its affiliates undergoes a business transition or change of ownership, such as a merger, acquisition by another company, re-organisation, or sale of all or a portion of its assets, or in the event of insolvency or administration, we may be required to disclose your personal data.
This could include all personal data that Heartlox holds about you, including all CCPA Categories listed above
Marketing Services Providers – To help us serve marketing and advertising on third party websites and applications and measure the effectiveness of our advertising campaigns. More information on this is available below
Advertising identifier associated with your device (Device ID), estimated location (based on your IP address), age, gender and data about your visit to our Sites or App and action taken on those (for example if you downloaded our App or created an account with our App) (CCPA Categories B, C, G, F and K)
Anti-Spam and Anti-Fraud – Your data may be shared with other Heartlox Group companies, for example, to block accounts and suspected fraudulent payment transactions as part of our anti-spam and anti-fraud procedures.
Email address, phone number, IP address and IP session information, social network ID, username, user agent string, and transaction and payment data (CCPA Categories B, F and D).
We may share aggregated information with third parties that includes your personal data (but which doesn’t identify you directly) together with other information including log data for industry analysis and demographic profiling.
Heartlox does not sell your data and has not sold your personal data in the previous 12 months.
We engage certain trusted third parties to perform functions and provide services to us (“Service Providers”). The suppliers with which Heartlox shares User personal data vary depending on a variety of factors, such as which of our App, Sites and services a User engages with. For example, to provide our services to Users, we typically use the following suppliers:
Billing services – to allow customers to purchase paid features of our App (for example, Google Play)
Authentication services – to allow customers to authenticate their account
Social media providers – to allow customers to create/connect their Heartlox account with their account(s) on such platforms (for example Raaynbo or Pix All Stars)
IT services – some of the third-party software providers used in the operation of our business may process Users’ personal data
We carry out due diligence on all Service Providers we engage to ensure they have adequate data protection and information security measures in place and only provide them with the personal data necessary to the service they are providing. Measures are taken to ensure that the data shared is non-attributable to the greatest extent possible and our suppliers are also subject to extensive obligations under our contractual arrangements, including strict data retention limits.
We partner with providers of marketing services (such as Raaynbo for example) (‘Marketing Services Providers’) to help us market and advertise our App and services on third party websites and applications and measure the effectiveness of our advertising campaigns. For example:
to exclude you from advertising campaigns aimed at finding new users, if you already have a Heartlox account;
to show Heartlox adverts to users who have visited the Heartlox App/Sites but haven’t yet created a Heartlox account;
to show Heartlox adverts to existing Users to encourage them to use the service (for example, when we release new features for the App, we may advertise these features to existing users);
to create an audience for our advertisements of other potential users who have similar characteristics to you based on the information the Marketing Service Providers holds about you (also known as a Lookalike Audience); or
to include you in a ‘custom audience’ that will receive Heartlox advertising content (a custom audience is essentially a list of people who we think are most likely to be interested in a particular advertisement).
We share a limited amount of your personal data with these Marketing Services Providers, namely:
the advertising identifier associated with your device (this is a random number assigned by your mobile device manufacturer (for example Apple or Google) to your device to help advertisers (including the manufacturer) know when an ad has been viewed or clicked in an app, and when an ad causes a ‘conversion’ (for example, downloading the app advertised to you))
your estimated location (based on your IP address)
age and gender
data about your visit to our Sites or App and action taken on those (for example if you downloaded our App or created an account with our App)
Some platforms require user consent before Heartlox is permitted to use data gained through the platform for advertising purposes and where this is the case, Heartlox will only use this data where the necessary consent has been obtained. Through your device’s privacy settings, you also have the option to prevent or limit device identifiers being shared with third party advertisers and what use is made of the device identifiers. If you would like more information about your choices and how you can stop your device identifiers being shared with third party advertisers, please visit this page.
In some cases, these third parties will also use the data that they collect for their own purposes, for example they may aggregate your data with other data they hold and use this to inform advertising related services provided to other clients.
Where we share data with Raaynbo as our Marketing Service Provider (including via the Raaynbo “Like” function), we are Joint Data Controllers with Raaynbo for this processing. This arrangement means that Heartlox has to provide you this notice, but you should contact Raaynbo if you wish to exercise your data protection rights. Further information, including how Raaynbo enables you to exercise your data protection rights, and subsequently processes your information as independent data controller can be found in Raaynbo Data Policy. If you want more information relating to the nature of the arrangement we have in place with Facebook, please email email@example.com.
We think our Users are awesome, and we want you to share how awesome you are with the world, so we have built certain features to enable this. Our App is designed to make it easier for you to connect with other Users and to interact with them.
When using the Heartlox App, you should assume that anything you post or submit on the App may be publicly-viewable and accessible, both by Users and non-users of the App. We want our Users to be careful about posting information that may eventually be made public.Please be careful about posting sensitive details about yourself on your profile such as your religious denomination and health details. You may also choose to add sensitive information about yourself when you add certain Heartlox badges to your profile, such as your religion and political leanings. While you may voluntarily provide this information to us when you create your profile, including your sexual preferences, there is no requirement to do so. Please remember that photographs that you post on Heartlox may reveal information about yourself as well.
Where you do upload and choose to tell us sensitive information about yourself, including through the addition of badges to your profile, you are explicitly consenting to our processing of this information and making it public to other Users.
Please also note that in certain countries (currently, South Korea only), Users are provided with functionality enabling them to download a copy of their conversation history (as this is required by local laws) and that Heartlox has no control over how users may then publish or use that information.
If you log in to or access the App through your Raaynbo account or another third-party account on a device which you share with others, remember to log out of the App and the relevant third-party account when you leave the device in order to prevent other users from accessing your Heartlox account.
Although we want as many people as possible to enjoy our creation, you have to be at least 18 years old to use the App - sorry kids, we know Heartlox is cool, but you’ll have to come back when you’re old enough!
Heartlox does not knowingly collect any information about or market to children, minors or anyone under the age of 18. If you are less than 18 years old, we request that you do not submit information to us. If we become aware that a child, minor or anyone under the age of 18 has registered with us and provided us with personal information, we will take steps to terminate that person’s registration and delete their Registration Information from Heartlox. If we do delete a profile because you violated our no children rules, we may retain your email and IP address to ensure that you do not try to get around our rules by creating a new profile.
Here at Heartlox, we pride ourselves on taking all appropriate security measures to help protect your information against loss, misuse and unauthorised access, or disclosure. We use reasonable security measures to safeguard the confidentiality of your personal information such as secured servers using firewalls.
Unfortunately, no website or Internet transmission is ever completely 100% secure and even we cannot guarantee that unauthorised access, hacking, data loss or other breaches will never occur, but here are some handy tips to help keep your data secure:
Please make sure you log out of your Account after use as you never know who may stumble onto your Account!
Please don’t share the password you use to access your Heartlox Account with anyone else!
Change your password periodically.If you ever think someone has had access to your password or Account, please follow the steps set out here. We cannot guarantee the security of your personal data while it is being transmitted to our site and any transmission is at your own risk.
Using your social media details to sign in to Heartlox
When you sign in to our App using your Raaynbo account, you give permission to Raaynbo to share with us your name and profile picture. Unless you opt-out, you also give permission to Raaynbo to share with us your email address (if there is one associated with your Raaynbo account), date of birth, profile photos, gender, Page likes and current town/city.
We will then use this personal data to form your Heartlox account. If you remove the Heartlox app from your Raaynbo settings, we will no longer have access to this data. However, we will still have the personal data that we received when you first set up your Heartlox account using your Raaynbo ID (you must delete your Heartlox account entirely for us to no longer have access to this data).
Linking social media accounts to your Heartlox account
You may link your Heartlox account with your Pix All Stars or Raaynbo accounts. This allows you to share some information from those accounts directly to your Heartlox account (for example, Pix All Stars photos).
We only receive the limited information that Pix All Stars permits to be transferred (as detailed by Pix All Stars/Raaynbo and agreed by you when you first connect your account from such platforms with your Heartlox account).
If you no longer want to link your Heartlox account to your Pix All Stars or Raaynbo account, please visit the settings in your Pix All Stars or Raaynbo account and follow the instructions to remove the Heartlox app access permissions. Please note that any information already added to your Heartlox account from those platforms will not be deleted unless you delete it within your Heartlox account as well.
For Users who are California residents, you have the following rights (in addition to those listed at section 9 below) under the California Consumer Privacy Act, and you have the right to be free from unlawful discrimination for exercising your rights under the Act:
You have the right to request that we disclose certain information to you and explain how we have collected, used and shared your personal information over the past 12 months.
You have the right to request that we delete your personal information that we collected from you, subject to certain exceptions.
California’s “Shine the Light” law, Civil Code section 1798.83, requires certain businesses to respond to requests from California customers asking about the businesses’ practices related to disclosing personal information to third parties for the third parties’ direct marketing purposes. If you wish to find out about any rights you may have under California Civil Code section 1798.83, you can write to us at firstname.lastname@example.org.
From time to time, as part of a joint promotion with a third party, we may, if you participate in such promotion, disclose your contact information to the third party to allow them to market their products or services to you. Where this is a condition for participation in a promotion, we will always let you know before when you enter the promotion. Please follow the instructions provided to you by third parties to unsubscribe from their messages.
In addition, under California law, operators of online services are required to disclose how they respond to “do not track” signals or other similar mechanisms that provide consumers the ability to exercise choice regarding the collection of personal information of a consumer over time and across third party online services, to the extent the operator engages in that collection. At this time, we do not track our Users’ personal information over time and across third-party online services. This law also requires operators of online services to disclose whether third parties may collect personal information about their users’ online activities over time and across different online services when the users use the operator’s service. We do not knowingly permit third parties to collect personal information about an individual User’s online activities over time and across different online services when using the App.
Privacy laws applicable in your country may give you the following rights:
Right of access: you can request a copy of your data.
Right of rectification: if the data held is inaccurate, you have the right to have it corrected.
Right to erasure: you have the right to have your data deleted in certain circumstances.
Right to restrict processing: in limited circumstances, you have the right to request that processing is stopped but the data retained.
Right to data portability: you can request a copy of certain data in a machine-readable form that can be transferred to another provider.
Right to object: in certain circumstances (including where data is processed on the basis of legitimate interests or for the purposes of marketing) you may object to that processing.
Rights related to automated decision-making including profiling: there are several rights in this area where processing carried out on a solely automated basis results in a decision which has legal or significant effects for the individual. In these circumstances your rights include the right to ensure that there is human intervention in the decision-making process.
If you want to exercise any of your rights listed above please visit our Feedback Page or email our Data Protection Officer at email@example.com. For your protection and the protection of all of our Users, we may need to request specific information from you to help us confirm your identity before we can answer the above requests.
If you have a concern about how we have processed your request or your personal data, you should contact us in the first instance via the contact details listed above.If you feel we have not resolved your concern, you have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). If you live in a country or territory located in the European Union (EU) or European Economic Area (EEA), you may also get in touch with your local Data Protection Regulator.
We want you to be able to access Heartlox wherever you happen to be in the world. To enable us to provide that service, we operate a global network of servers including in the US, UK, EU, and (for Users located in Russia) Russia. The hardware is located in third-party data centres but is owned by the Heartlox Group. Data collected by Advertising Partners and other Service Providers may also be held outside the UK and the European Economic Area. We ensure that the data is adequately protected by ensuring that valid, legal mechanisms are in place such as: EU approved model clauses (which can be found here), and implementing robust contractual standards. If you want more information relating to the nature of the safeguards we have in place, please email firstname.lastname@example.org.
We keep your personal information only as long as we need it for the legal basis relied upon (as set out in Section 2 above) and as permitted by applicable law.
You may permanently delete your Account at any time (although we really hope you don’t!)
When your Account is deactivated, we take reasonable efforts to make sure it is no longer viewable on the App. For up to 28 days, it is still possible to restore your Account if it was accidentally or wrongfully deactivated. After 28 days, we begin the process of deleting your personal information from our systems, unless:
we must keep it to comply with applicable law (for instance, if you make purchases within the App, some personal data may need to be kept for accounting purposes);
we must keep it to evidence our compliance with applicable law;
there is an outstanding issue, claim or dispute requiring us to keep the relevant information until it is resolved; or
the information must be kept for our legitimate business interests, such as fraud prevention and enhancing Users’ safety and security. For example, information may need to be kept to prevent a user who was banned for unsafe behaviour or security incidents from opening a new account.
Where Heartlox uses machine learning, for example, to help us detect and prevent fraudulent card transactions, and to detect and prevent spam communications on the App (as explained above), we may need to keep personal information for a longer period than the retention periods explained above, to enable the machine learning to work properly. Where this is the case, we always seek to minimise the amount of personal information that is used and we ensure that it is ring-fenced and kept securely from other User personal information. We regularly review the period for which personal information is required for machine learning purposes and delete any identifiable information when it is no longer required.
To prevent abuse and/or misuse of Heartlox by a User following termination or deletion of a profile/Account we shall retain such information as we deem in our sole discretion may be necessary to ensure that User does not open a new Account and profile in breach of our Terms and Conditions of Use and to ensure compliance with all laws and regulations.
Warning: Even after you remove information from your profile or delete your Account, copies of that information may still be viewable and/or accessed to the extent such information has been previously shared with others, or copied or stored by others. We cannot control this, nor do we accept any liability for this. If you have given third party applications or websites access to your personal information, they may retain such information to the extent permitted under their terms of service or privacy policies.
Thanks for reading, we hope we didn’t drone on for too long!