PRIVACY NOTICE

Content:

1. Who are we and what does our Privacy notice cover?

2. What are our roles in data processing?

3. Where did we get your data from?

4. What data, why and how do we process?

5. Who do we share your personal data with?

6. Security of personal data

7. Third party websites

8. Transfer personal data to third countries

9. Automated decisions

10. What privacy rights do you have and how to execute them?

11. How do we update this notice?

Who are we and what does our Privacy Notice cover?

The company VIEWAPP S.L., with registered office at Vía de las Dos Castillas 33, Building: 7 – 2nd Floor, Postcode: 28224, City: POZUELO DE ALARCÓN, MADRID, Spain (hereinafter “VIEWAPP Europe”, “Executor Company”, “Executor” or “We”), is the owner of the VIEWAPP Europe mobile Application (hereinafter “Application”) and https://viewapp.io Website (hereinafter “Website”), along with all associated rights, equipment, software, and hardware required for their operation

This Privacy Notice applies to the following categories of data subjects:
- Users - individuals who use the Application (hereinafter “User”)
- Website visitors - individuals who browse, access, or interact with our Website and its content (hereinafter “Website visitor”)
- Representatives of Contractor Companies - individuals who act on behalf of Contractor Companies (hereinafter “Representative of Contractor Company”). "Contractor Company" means a company that:
  - provides services to the User via the Application;
  - changes the content of the Application.
This Privacy Notice provides information on how we process your personal data. We have written this notice in simple language to help you make informed decisions, ensuring that you understand and have control over the information we collect, how it is used, and when it is shared.

The Privacy Notice extends to:
- our product - an Application "VIEWAPP Europe" for mobile operating systems Apple iOS, Android and HarmonyOS by Huawei,
- our website - https://viewapp.io
- our corporate email - support@viewapp.io
Contact information:

If you have any questions on your privacy protection and rights, please contact us by email: support@viewapp.io
What are our roles in data processing?

According to the General Data Protection Regulation (EU) 2016/679 (hereinafter “GDPR”) VIEWAPP Europe may act in different roles, depending on our relationships with you.

We act as:
- data controller for your personal data if you are visitor of our portal; current or potential client, vendor or business partner; manager or representative;
- data processor for your personal data, which is provided by the Contractor Company under your agreement with them.
Where did we get your data from?
- Directly from you. We may obtain personal data directly from you, for example, when you register for our service or contact us.
- From the Contractor Company. The Contractor Company may share your data with us as permitted by your agreement with them.
- Browser. Whenever you go to one of our websites using your internet browser (like Mozilla Firefox, Google Chrome or Microsoft Internet Explorer etc.), we get some information automatically. This information may include the address of the web page you went to, your computer's IP (Internet Protocol) address, and the version of the browser you used to go to the website.
- Device. When accessing certain sections of the Application, we passively collect certain information from your devices, including your IP address, screen resolution, geolocation, motion data, unique device identifier (if any), mobile operating system, battery and network performance (such as battery status and charger usage) of your device, and system status, including information about device events such as system crashes and activity.

What data, for what purposes, based on what grounds, and how long we process?

When we act as data controller:

Personal data submitted to us through our Application and Website and personal data we collected from you will be used for the following purposes based on the legal grounds set forth hereunder:

Purpose	Data subject	Legal basis	Data	Storage period
Register and log in to use the service (for Application)	User	Contract	Phone number Apple ID User ID	for as long as you have your account, or as long as is needed to be able to provide the services
Register and log in to use the service (for Website)	User	Contract	Phone number: +1234567890 Email: example@example.com User ID: 12345	for as long as you have your account, or as long as is needed to be able to provide the services
Create and complete user profile	User	Contract	Full name Phone number Email Generated password User role User language Companies White-listed IPs Email notification preferences Permissions Authorization method Access group	for as long as you have your account, or as long as is needed to be able to provide the services
Merge duplicate profiles for existing accounts	User	Contract	Phone number Request to merge duplicate profiles	for as long as you have your account, or as long as is needed to be able to provide the services
Merge duplicate profiles for existing accounts	User	Contract	Phone number Request to merge duplicate profiles	for as long as you have your account, or as long as is needed to be able to provide the services
Respond to questions and requests, provide technical support	User, Representative of Contractor Company	Contract	Contact information User information Request text	for as long as you have your account, or as long as is needed to be able to provide the services
Archiving and backups to restore information	User	Legitimate interest	Log data	for as long as you have your account, or as long as is needed to be able to provide the services
Improve and enhance the stability of the Application	User	Legitimate interest	User's mobile device model Statistical information about the use of the Application	no longer than 12 months
Analyze online behavior to improve user experience	Website visitor	Consent	Cookies Browser behavior IP address	see our Cookie Policy for details
Contact us via contact form	Representative of Contractor Company	Contract	Full name Country Company name Phone number Email	no longer than 3 years or for the duration of the contractual relationship
Fill in clients' data in CRM system to maintain relations with them	Representative of Contractor Company	Contract	Company name Company information Manager's full name Manager's email	no longer than 3 years or for the duration of the contractual relationship
Conclude contracts	Representative of Contractor Company	Contract	Company name Company information Manager's full name Manager's email	for the duration of the contractual relationship or other legal basis that authorizes us to process your personal data
Issue invoice	Representative of Contractor Company	Contract	Company name Company information Manager's full name Manager's email Number of inspection Period Sum	for the duration of the contractual relationship or other legal basis that authorizes us to process your personal data
Comply with a legal obligation that we are subject to	User, Representative of Contractor Company	Legal obligation	Company information User information	for 3 years or for the duration prescribed by applicable law

When we act as data processor:

When you use our Application, any information you provide is first sent to our secure servers. From there, this information is made accessible to the Contractor Company.

Purpose	Data subject	Data	Storage period
Gain access to our platform or inspections via SMS	User	Full name Phone number OTP	for the duration specified in the agreement with the Contractor Company
Link user account to the Contractor Company	User	Full name Phone number Email User role Companies Access group	for the duration specified in the agreement with the Contractor Company
Create and complete user profile by Contractor Company	User	Full name Phone number Email Generated password User role User language Companies White-listed IPs Email notification preferences Permissions Authorization method Access group	for the duration specified in the agreement with the Contractor Company
Manage user profile by Contractor Company	User	Full name Phone number Email Generated password User role User language Companies White-listed IPs Email notification preferences Permissions Authorization method Access group	for the duration specified in the agreement with the Contractor Company
Grant access for viewing or performing inspections	User	Full name Phone number Invitation via SMS Status of receiving SMS	for the duration specified in the agreement with the Contractor Company
Conduct and complete inspections	User	Full name Phone number Email Inspection status Creation date Phone model Location (coordinates) Photos Other information specified by the client Decision	for the duration specified in the agreement with the Contractor Company
Manage user inspections by Contractor Company	User	Inspections' special features Inspection status Creation date Access group User information Other information specified by the client	for the duration specified in the agreement with the Contractor Company
Analyze behaviour to improve user experience (SDK)	User	Cookies Browser behavior IP address	for the duration specified in the agreement with the Contractor Company
Respond to questions and requests, provide technical support	User	Contact information User information Request text	for the duration specified in the agreement with the Contractor Company
Error reporting	User	Email Request text	for the duration specified in the agreement with the Contractor Company

Who do we share your personal data with?

VIEWAPP Europe endeavors to apply suitable safeguards to protect the privacy and security of your personal data during the transfer and to use it only consistent with your relationship with VIEWAPP Europe and the practices described in this Privacy Notice. VIEWAPP Europe also minimizes the risk to your rights and freedoms by not collecting or storing sensitive information about you.

We may share your information with:
- VIEWAPP Europe affiliates—sub-processors, which support our business activities.
- Public official bodies, tax agencies, judges and courts and other competent authorities, when VIEWAPP Europe is legally obliged to provide them to the extent that we are required to do so by law; in connection with any ongoing or prospective legal proceedings; in order to establish, exercise or defend our legal rights (including providing information for the purposes of fraud prevention and reducing financial risks).
- Service providers, who have undertaken to comply with the applicable data protection regulations at the time of contracting:
  - Analytics and Advertising (Google Analytics, Yandex.Metrica — see our Cookie Policy for details)
  - Email Provider (Gmail)
  - Mobile Network Provider
  - Cloud Hosting (AWS)
  - Messaging Platforms (WhatsApp, Telegram and others)
  - Technical Services (Google Cloud Vision API, reCAPTCHA, Kamatera, Kabiku and others)
Security of personal data

VIEWAPP has implemented administrative, physical and technical measures to protect your data from unauthorized access and modification. We will comply with applicable law in the event of any breach of the security, confidentiality or integrity of your Personal Data and, if such a step is deemed appropriate or required by applicable law, will notify you by e-mail, SMS or through prominent publications on the site as soon as possible and without unreasonable delays, provided that such actions will comply with legal requirements of law enforcement agencies or any measures necessary to determine the extent of the violation and restore the integrity of the data system to an acceptable extent.

VIEWAPP Europe is hosted on Amazon Web Services (AWS) cloud services, which provides comprehensive data protection and is certified under ISO/IEC 27001:2013, 27017:2015, 27018:2019, 9001:2015, CSA STAR CCM v3.0.1.
Third party websites

Our portal may include hyperlinks to, and details of third party websites. We have no control over, and we are not responsible for the privacy policies and practices of third parties.
Transfer personal data to third countries

To the extent that VIEWAPP Europe has offices and organizational structures in third countries outside the EU/EEA, your data may be shared within our international business processes to perform our legal or contractual obligations to you or our business partners. We have a particular intra-group data transfer agreement in place. When such data transfers involve external data importers, we enter in respective standard contractual clauses with them
Automated decisions

We neither use automated decision-making nor your personal data to automatically assess aspects of your personality (automated profiling).
What are your rights when you give us your data?

You have the following rights:

To request information about the processing of your personal data and get access to the personal data held about you

Under Article 15 of the GDPR, individuals have a right of access that gives them the right to obtain a copy of their personal data, as well as other supplementary information. It helps individuals to understand how and why companies are using their data, and check the lawfulness of the processing.

To request that any incorrect, inaccurate or incomplete personal data be corrected

Under Article 16 of the GDPR, individuals have the right to have inaccurate personal data rectified. An individual may also be able to have incomplete personal data completed – although this will depend on the purposes for the processing.

To request that personal data be erased when it is no longer needed or if processing is unlawful

Under Article 17 of the GDPR, individuals have the right to have personal data erased. This is also known as the 'right to be forgotten'. The right is not absolute and only applies in certain circumstances.

To request the restriction of processing your personal data in specific cases

Article 18 of the GDPR gives individuals the right to restrict the processing of their personal data in certain circumstances. This means that an individual can limit the way that an organization uses their data. This is an alternative to requesting the erasure of their data.

To receive your personal data in a machine-readable format and transfer them to another controller ('data portability')

Under Article 20 of the GDPR, individuals have the right to data portability that gives individuals the right to receive personal data they have provided to a controller in a structured, commonly used and machine readable format. It also gives them the right to request that a controller transmits those data directly to another controller.

To object to the processing of your personal data for marketing purposes, or if there are grounds relating to your particular situation

Article 21 of the GDPR gives individuals the right to object to the processing of their personal data at any time. This effectively allows individuals to stop or prevent you from processing their personal data.

Not to be subject to a decision based solely on automated processing

Under Article 22 of the GDPR individuals have the right to request that decisions based on automated processing of their personal data, which significantly affect them, are made by natural persons and not only by computers. In such cases, they also have the right to express their point of view and challenge the decision.

To withdraw your consent at any time

The GDPR gives a specific right to withdraw consent. You need to tell people about their right to withdraw, and offer them easy ways to withdraw consent at any time.

You also have a right to lodge a complaint with a supervisory authority: Spanish Data Protection Agency: www.aepd.es or another of your choice.
How do we update this notice?

We may update this notice from time to time by publishing a new version on our website.