Our privacy commitment
We take privacy very seriously. Being an EU-based company, we must comply with the EU general data protection regulation (the „GDPR“) when processing the personal data. We provide our Services either directly to natural person end-users or to our business clients in which case we process personal data about their employees or users. We regard all natural person users of our Services data subjects according to the GDPR.
If you have any questions concerning how we process your personal data, you can contact us email@example.com . All privacy enquiries sent to us are received and reviewed by our data protection officer (‘DPO’) appointed to serve as a contact point for you and supervisory authorities.
Why do we process your personal data?
Generally, we need to process your personal data in order to:
provide the Services;
meet our legal or contractual obligations;
pursue our legitimate software developer interests.
Development, improvement & testing
As a software developer we need to be able to continuously develop, improve, maintain and test our software products which we regard our own legitimate interest. This typically includes:
Removal of bugs and other software faults or errors;
Development of new application updates, versions or functionalities (features);
General analysis of application;
Analysis of user trends within the application including general user profiling based on that;
Accuracy analysis (location, speed, direction or other values);
Customer polls focused on improvement of the Services;
Customer feedback on design and user experience;
Testing on the production copies of partially anonymized data.
Direct marketing communications (newsletter & push notifications)
We do not send-out direct marketing communication to everyone. If you receive a direct marketing message from us it’s either because you have previously granted us a specific direct marketing consent or because we have obtained your email within the process of providing you with our Services and the message relates to a similar product or service. Irrespective of that, you can always opt-out from receiving any further direct marketing communication and/or object to processing of your personal data for direct marketing purposes as explained below.
We regard our marketing analytics a distinct purpose of processing personal data from sending out direct marketing communications. Some of the below activities might not necessarily involve processing of personal data. However, we would like to be transparent about the processing activities we undertake (with data generally) and would like to give our users full control over marketing related processing of personal data, as explained here. All of the below activities do correspond with our legitimate interest of better understanding our customers, customer trends and expectations when providing or offering our Services. For example, marketing analytics may include:
General analysis of user behavior for better marketing strategies, decision or more personalized targeted advertising;
Targeted advertising of Sygic products or services for example via Facebook App Install ads, Google AdWords, PayPerClick and similar tools;
Performance analysis of different marketing campaigns (e.g. Exponea, Google Analytics);
Cross-device linking (pairing of data about different devices of the same user);
User segmentation for more personalized direct marketing communication (if conditions for direct marketing communications are met).
We keep various anonymous or aggregated statistics based on which one cannot identify an individual. For example, we might keep statistics about how many users are using our applications or what is the average usage time of our applications. Although these statistics are made by conversion or analysis of real personal data, the statistic findings or results are not personal data.
Maintaining social media profiles
We maintain several business profiles on social media platforms where you can interact or communicate with us. By doing so, we are pursuing our legitimate interest: increasing company/brand awareness in online environment. We might process your personal data via our social media profiles when you write to us, comment, like or share our posts. Your provision of personal data via social media to us is voluntary. Please read relevant privacy policies to better understand processing of your personal data by providers of social media platforms. We only have a typical admin control over the personal data processed by us via our own company profiles. We assume that by using these social media platforms, you understand that your personal data might be processed for other purposes and that your personal data might by transferred to other third countries and third parties by providers of social media platforms. You can currently find us on Facebook, Linkedin, Twitter, Instagram, Pinterest, Youtube, Stack Overflow, Github, Tumblr, Dribble and Behance.
We might organize customer contests, price giveaways or similar promotional activities for example via our social media profiles. When we do so, we typically put forwards terms & conditions or statute which you need to accept before joining the contest. By doing so, you conclude a contract with us meaning we do not need your consent for participation and related processing of your personal data. However, we would always ask your consent should the circumstances require so.
Billing, Tax & Accounting
When you purchase any paid add-on, feature or application from us, we must process your personal data in line with the applicable billing, tax and accounting legislation. Invoices and invoicing documentation might include your personal data. However, we are obliged to process, keep and store such data for statutory periods in order to be compliant with local law. Specific provisions of billing, tax and accounting legislation might vary across different jurisdictions.
Security of personal data
We are obliged to adopt measures to ensure appropriate level of personal data security. Although these measures are not primarily directed for processing of personal data (which is rather a by-product of their purpose), processing of your personal data to some necessary extent might be needed in order for these measures to be implemented (for example encryption, pseudonymization, logging, backups, crash reporting, breach/incident reporting, security investigations and documentations, access control, harmful content detection, etc.).
Handling user requests
Every time we are legally required to handle your requests, we must necessarily process your personal data. For example, when you approach us with request based on your data subject rights stemming from GDPR, we must process your personal data in order to comply with GDPR requirements.
From time to time, we might need to pursue a legal claim, ask for compensation or off-court settlement, keep evidence for potential dispute, manage legal contracts, request legal advice from external advisors, report illegal activity to law enforcement authorities or otherwise protect our legitimate legal interests (i.e. enforcing our legal rights). Although these activities do not automatically involve processing of personal data about our users (which happens very rarely), we would like to be transparent about such purpose of processing in case it does.
How do we collect your personal data?
Generally, we collect your personal data directly from you (source), for example when you decide to download our app, make a purchase, register your account, fill-out marketing consent form, contact us or otherwise use our Services. Provision of personal data to us by you might happen directly, for example by filling-out registration, order or consent form but might also happen indirectly for example by using our apps which need to collect data in order to operate and in order to provide you with the Services requested. For example, when using our navigation or localization apps, we must collect your precise location, speed and bearings. Provision of personal data by you is voluntary or presents either a requirement to enter into a contract or a contractual requirement (EULA). Certain processing of personal data might be required by law or required by us in order to pursue our own legitimate interests, as explained above. However, if you decide not to provide us your personal data in the first place, these additional statutory or legitimate interest provisions of data should not happen.
Who are recipients of your personal data?
We take the confidentiality of your personal data very seriously and have policies in place to ensure that your data is only shared with authorized personnel of Sygic or a verified third party. Our employees might have access to your personal data on a strictly need-to-know basis typically governed and limited by function, role and department of the particular employee.