Privacy Policy

Last updated: 31 Jan 2024

This privacy notice for Crikk (“Company,” “we,” “us,” or “our”) describes how and why we collect, store, use, and/or share (“process”) your information when you use our services (“Services”), such as when you:

  • Use our mobile app, Crikk.
  • Engage with us in other related ways, including through sales, marketing, or support.

Questions or concerns?
Reading this privacy notice will help you understand your privacy rights and choices. If you do not agree with our policies and practices, please do not use our Services. If you still have any questions or concerns, please contact us at [email protected].

This summary provides key points from our privacy notice, but you can find out more details about any of these topics by clicking the link following each key point or by using our table of contents below to find the section you are looking for. You can also click here to go directly to our table of contents.

  • What personal information do we process?
    When you use, visit, or navigate our Services, we may process personal information depending on how you interact with Crikk, the choices you make, and the features you use. Click here to learn more.
  • Do we process any sensitive personal information?
    We do not process sensitive personal information.
  • Do we receive any information from third parties?
    We do not receive any information from third parties.
  • How do we process your information?
    We process your information to provide, improve, and administer our Services, communicate with you, ensure security and fraud prevention, and comply with legal requirements. We may also process your information for other purposes with your consent. We process your information only when we have a valid legal reason. Click here to learn more.
  • In what situations and with which parties do we share personal information?
    We may share information in specific situations and with specific third parties. Click here to learn more.
  • How do we keep your information safe?
    We have organizational and technical processes and procedures in place to protect your personal information. However, no electronic transmission over the internet or information storage technology can be guaranteed to be 100% secure, so we cannot promise or guarantee that hackers, cybercriminals, or other unauthorized third parties will not be able to defeat our security and improperly collect, access, steal, or modify your information. Click here to learn more.
  • What are your rights?
    Depending on where you are located, the applicable privacy law may mean you have certain rights regarding your personal information. Click here to learn more.
  • How do you exercise your rights?
    The easiest way to exercise your rights is by filling out our data subject request form available here: Crikk app, or by contacting us. We will consider and act upon any request in accordance with applicable data protection laws.
Table Of Contents
  1. 1. WHAT INFORMATION DO WE COLLECT?
  2. 2. HOW DO WE PROCESS YOUR INFORMATION?
  3. 3. WHAT LEGAL BASES DO WE RELY ON TO PROCESS YOUR INFORMATION?
  4. 4. WHEN AND WITH WHOM DO WE SHARE YOUR PERSONAL INFORMATION?
  5. 5. DO WE USE COOKIES AND OTHER TRACKING TECHNOLOGIES?
  6. 6. IS YOUR INFORMATION TRANSFERRED INTERNATIONALLY?
  7. 7. HOW LONG DO WE KEEP YOUR INFORMATION?
  8. 8. HOW DO WE KEEP YOUR INFORMATION SAFE?
  9. 10. WHAT ARE YOUR PRIVACY RIGHTS?

1. WHAT INFORMATION DO WE COLLECT?

Personal information you disclose to us

In Short: We collect personal information that you provide to us.

We collect personal information that you voluntarily provide when you register on the Services, express interest in obtaining information about us or our products and Services, participate in activities on the Services, or contact us.

Personal Information Provided by You:
The personal information we collect depends on your interactions with us and the Services, the choices you make, and the products and features you use. The personal information we may collect includes the following:

  • Names
  • Email addresses
  • Usernames
  • Passwords
  • Contact Preferences
  • Payment information (like debit/credit card numbers)
  • Contact or authentication data

Sensitive Information:
We do not process sensitive information.

Payment Data:
We may collect data necessary to process your payment if you make purchases, such as your payment instrument number (e.g., credit card number) and the security code associated with your payment instrument. All payment data is stored by our payment processor, Stripe. You may find their privacy notice link here: https://stripe.com/privacy.

All personal information you provide must be true, complete, and accurate. You must notify us of any changes to such personal information.

Information automatically collected

In Short: Some information — such as your Internet Protocol (IP) address and/or device characteristics — is collected automatically when you use our Services.

We automatically collect certain information when you use or navigate the Services. This information does not reveal your specific identity (like your name or contact information) but may include device and usage information, such as your IP address, device characteristics, operating system, language preferences, referring URLs, device name, country, location, information about how and when you use our Services, and other technical information. This information is needed primarily to maintain the security and operation of our Services and for internal analytics and reporting.

Like many businesses, we also collect information through cookies and similar technologies.

The information we collect includes:

  • Log and Usage Data:
    This is service-related, diagnostic, usage, and performance information collected automatically when you use our Services. Depending on how you interact with us, this data may include your IP address, device information, browser type, settings, pages viewed, actions you take (like feature usage), device event information (e.g., system activity, error reports), and hardware settings.
  • Device Data:
    We collect data about the device you use to access our Services. Depending on the device, this data may include information like your IP address (or proxy server), device and application identification numbers, location, browser type, hardware model, Internet service provider and/or mobile carrier, operating system, and system configuration information.

2. HOW DO WE PROCESS YOUR INFORMATION?

In Short: We process your information to provide, improve, and administer our Services, communicate with you, ensure security and fraud prevention, and comply with legal requirements. We may also process your information for other purposes with your consent.

We process your personal information for various reasons, depending on how you interact with our Services, including:

  • To facilitate account creation and authentication and manage user accounts:
    We may process your information so you can create and log in to your account and keep it functioning properly.
  • To save or protect an individual’s vital interest:
    We may process your information when necessary to save or protect an individual’s vital interest, such as preventing harm.

3. WHAT LEGAL BASES DO WE RELY ON TO PROCESS YOUR INFORMATION?

In Short: We only process your personal information when we believe it is necessary and when we have a valid legal reason (i.e., legal basis) to do so under applicable law, such as with your consent, to comply with legal requirements, to provide you with services, fulfill our contractual obligations, protect your rights, or pursue our legitimate business interests.

If you are located in the EU or UK, this section applies to you.

The General Data Protection Regulation (GDPR) and UK GDPR require us to explain the valid legal bases we rely on to process your personal information. We may rely on the following legal bases:

  • Consent:
    We may process your information if you have given us permission (i.e., consent) for a specific purpose. You can withdraw your consent at any time. Click here to learn more.
  • Legal Obligations:
    We may process your information if it is necessary for compliance with our legal obligations, such as to cooperate with law enforcement agencies, exercise or defend our legal rights, or disclose your information as evidence in litigation.
  • Vital Interests:
    We may process your information if it is necessary to protect your vital interests or those of a third party, such as situations involving potential threats to anyone’s safety.

If you are located in Canada, this section applies to you.

We may process your information if you have given us specific permission (i.e., express consent) or in situations where your permission can be inferred (i.e., implied consent). You can withdraw your consent at any time. Click here to learn more.

In some exceptional cases, we may be legally permitted under applicable law to process your information without your consent, such as:

  • When collection is clearly in the interest of an individual and consent cannot be obtained in a timely way.
  • For investigations and fraud detection and prevention.
  • For business transactions if certain conditions are met.
  • If it is contained in a witness statement and necessary for assessing or settling an insurance claim.
  • For identifying injured, ill, or deceased persons and communicating with next of kin.
  • If we have reasonable grounds to believe an individual is or may be a victim of financial abuse.
  • When obtaining consent would compromise the availability or accuracy of information needed for investigating a breach of an agreement or a law violation.
  • When disclosure is required to comply with a subpoena, warrant, court order, or similar legal process.
  • When the information is produced in the course of employment, business, or profession and collected for consistent purposes.
  • For journalistic, artistic, or literary purposes.
  • When the information is publicly available and specified by the regulations.

4. WHEN AND WITH WHOM DO WE SHARE YOUR PERSONAL INFORMATION?

In Short: We may share information in specific situations described in this section and/or with the following third parties.

We may need to share your personal information in the following situations:

  • Business Transfers:
    We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business by another company.

5. DO WE USE COOKIES AND OTHER TRACKING TECHNOLOGIES?

In Short: We may use cookies and other tracking technologies to collect and store your information.

We may use cookies and similar tracking technologies (like Meta SDK and Google Firebase) to access or store information. Specific information about how we use such technologies and how you can refuse certain cookies is set out in our Cookie Notice.

6. IS YOUR INFORMATION TRANSFERRED INTERNATIONALLY?

In Short: We may transfer, store, and process your information in countries other than your own.

Our servers are located in the United States. If you are accessing our Services from outside the United States, please be aware that your information may be transferred to, stored, and processed by us in our facilities and by third parties with whom we may share your personal information (see “WHEN AND WITH WHOM DO WE SHARE YOUR PERSONAL INFORMATION?” above), in the U.S. and other countries.

For Residents in the EEA or UK:

If you are a resident of the European Economic Area (EEA) or the United Kingdom (UK), the countries where your information is processed may not have data protection laws as comprehensive as those in your own country. However, we take all necessary measures to protect your personal information in accordance with this privacy notice and applicable laws.

European Commission’s Standard Contractual Clauses:

We have implemented measures to protect your personal information, including using the European Commission’s Standard Contractual Clauses for transfers of personal information between our group companies and between us and our third-party providers. These clauses require recipients to protect all personal information originating from the EEA or UK in accordance with European data protection laws and regulations. Our Standard Contractual Clauses can be provided upon request. We have implemented similar appropriate safeguards with our third-party service providers and partners, and further details can be provided upon request.

7. HOW LONG DO WE KEEP YOUR INFORMATION?

In Short: We keep your information as long as necessary to fulfill the purposes described in this privacy notice, unless required by law.

We will only retain your personal information for as long as it is necessary for the purposes outlined in this privacy notice, unless a longer retention period is required or allowed by law (for example, for tax, accounting, or other legal obligations). No purpose in this notice will require keeping your personal information longer than the period of time you have an account with us.

When we no longer have a legitimate business need to process your information, we will either delete or anonymize it. If deletion isn’t possible (for instance, because it is stored in backup archives), we will securely store your personal information and isolate it from further processing until deletion is possible.

8. HOW DO WE KEEP YOUR INFORMATION SAFE?

In Short: We aim to protect your personal information through security measures.

We have implemented appropriate and reasonable technical and organizational security measures to protect the security of your personal information. Despite our efforts, no electronic transmission over the Internet or information storage technology can be completely secure. We cannot promise or guarantee that hackers, cybercriminals, or other unauthorized third parties won’t be able to bypass our security measures and improperly access, collect, steal, or modify your information.

Although we strive to protect your personal information, transmitting it to and from our Services is at your own risk. It is advisable to only access the Services within a secure environment.

10. WHAT ARE YOUR PRIVACY RIGHTS?

In Short: In certain regions like the EEA, UK, and Canada, you have rights to access and control your personal information. You can review, change, or terminate your account at any time.

Rights in the EEA, UK, and Canada:

In some regions, including the EEA, UK, and Canada, you have specific rights under data protection laws. These may include the right to:

  • Request access to and obtain a copy of your personal information.
  • Request rectification or deletion of your personal information.
  • Restrict the processing of your personal information.
  • Object to processing based on your specific circumstances.
  • Exercise the right to data portability.

If you wish to exercise any of these rights, you can contact us using the details provided in the “HOW CAN YOU CONTACT US ABOUT THIS NOTICE?” section below. We will consider and respond to your request in accordance with applicable data protection laws.

Withdrawing Your Consent:

If we rely on your consent to process your information, you can withdraw it at any time. This withdrawal won’t affect the lawfulness of any processing conducted before your withdrawal, nor will it affect processing based on other legal grounds.

Opting Out of Marketing Communications:

You can opt out of marketing communications at any time by clicking on the unsubscribe link in our emails or contacting us using the details provided below. Even if you opt out of marketing messages, we may still need to contact you for non-marketing purposes, like account administration or service-related communications.

Managing Your Account Information:

If you would like to review or update your account information, or if you want to terminate your account, you can:

  • Contact us using the provided contact information.
  • Log in to your account and update your settings.

If you request account termination, we will deactivate or delete your account and information from active databases. However, some information may be retained to comply with legal obligations or to prevent fraud and assist with investigations.

11. CONTROLS FOR DO-NOT-TRACK FEATURES
Most web browsers and some mobile devices and applications have a “Do-Not-Track” (DNT) feature. You can use it to express your preference not to be tracked while browsing. However, there is currently no finalized standard for recognizing DNT signals. This means we do not respond to DNT signals or other similar mechanisms at this time. If a standard is finalized in the future, we will update our privacy notice to let you know about our new practices.

12. DO CALIFORNIA RESIDENTS HAVE SPECIFIC PRIVACY RIGHTS?
Yes, if you are a resident of California, you have specific privacy rights. Under California Civil Code Section 1798.83, also known as the “Shine The Light” law, California residents can request, once a year and free of charge, details about the personal information we may have shared with third parties for direct marketing purposes. To make such a request, you must contact us in writing using the information provided below.

For users under 18 years old who have an account with our services, you can ask to have any publicly posted data removed. To do this, send a request that includes your email and confirms you reside in California. We will work to ensure that the data is no longer visible, but please be aware that this may not include complete removal from all systems, such as backups.

Under the California Consumer Privacy Act (CCPA), California residents have more rights regarding their personal information. Here’s a breakdown of what those rights include:

  • Right to Know: You have the right to know what categories of personal information we collect and for what purpose. You can also find out if we sell any of this data.
  • Right to Delete: You can request the deletion of your personal information, except where certain legal exceptions apply.
  • Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.
  • Right to Opt-Out: You can ask to stop any future selling of your personal information to third parties.

We will verify your identity using information you have previously provided. For more details on how to exercise these rights, you can contact us using the information below or visit our website.

13. DO WE MAKE UPDATES TO THIS NOTICE?
Yes, we may update this privacy notice to keep up with legal requirements or our practices. The updated version will be effective as soon as it is posted. The “Revised” date will indicate when it was last updated. If there are any significant changes, we may notify you through a prominent notice or direct communication. We encourage you to review this privacy notice periodically.

14. HOW CAN YOU CONTACT US ABOUT THIS NOTICE?
If you have any questions or comments, you can reach our Data Protection Officer (DPO), Derek Pankaew, by email at [email protected].

15. HOW CAN YOU REVIEW, UPDATE, OR DELETE THE DATA WE COLLECT FROM YOU?
Depending on your country’s laws, you may have the right to access, change, or delete your data. To request access, updates, or deletion of your personal information, please visit: crikk.com/app/.