Updated Dec 5 2023
In this Privacy Notice, "we", "us" and "our" refers to Prestige Labs, Inc., a Delaware corporation located at 8 The Grn Ste 7491 Dover, DE 19901.
“Personal data” means any information relating to you as an identified or identifiable natural person (“Data Subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an online identifier or to one or more factors specific to your physical, physiological, genetic, mental, economic, cultural or social identity.
“Processing” means any operation or set of operations which is performed on personal data (as defined in this Privacy Notice) or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
1. Navigating this Privacy Notice
If you are viewing this Privacy Notice online, you can click on the below links to jump to the relevant section:
How We Use Personal Data
Use of Third Party Applications
Sharing Your Personal Data
Transferring Your data outside of the EU
Existence of Automated Decision-making
Your Rights as a Data Subject
Storing Personal Data
Changes to this Privacy Notice
3. How We Use Personal Data
3.1. When visiting our website
We may collect and process Personal Data about your use of our website. This data may include:
the browser types and versions used;
the operating system used by the accessing system;
the website from which an accessing system reaches our website (so-called referrers);
behavior: subpage, duration, and revisit
the date and time of access to our website,
the Internet protocol address (“IP address”);
the Internet service provider of the accessing system; and
any other similar data and information that may be used in the event of attacks on our information technology systems.
This data may be processed in order to deliver the content of our website correctly, to optimize the content of our website to ensure the long-term viability of our information technology systems and website technology, and to provide law enforcement authorities with the information necessary for criminal prosecution in case of a cyber-attack.
The legal basis for this processing is our legitimate business interests, namely monitoring and improving our website and the proper protection of our business against risks and your consent when agreeing to accept cookies.
3.2. When using the Services
When using the Services, we may collect and process personal data. The data will be stored in different instances.
(a) In MongoDB and Cloudflare we will store the following data:
The email address and security credentials from your passkey associated with your account
The legal basis for this processing is that it is necessary to fulfill a contract with you.
(b) Log Data in New Relic and Sentry
Browser user agent data
We need this data to be able to debug issues and provide support for our application. The legal basis for this processing is that it is necessary to fulfill a contract with you.
(c) Subscription information via Stripe
We utilize Stripe as our payment processor and rely upon them to secure and hold any credit card or payment information. The legal basis for this processing is that it is necessary to fulfill a contract with you.
3.3 Other uses of your Personal Data
We may process any of your Personal Data where it is necessary to establish, exercise, or defend legal claims. The legal basis for this processing is our legitimate interests, namely the protection and assertion of our legal rights, your legal rights and the legal rights of others.
Further, we may process your Personal data where such processing is necessary in order for us to comply with a legal obligation to which we are subject. The legal basis for this processing is our legitimate interests, namely the protection and assertion of our legal rights.
4. Use of Third-Party Applications
4.1. Cloudflare, MongoDB, New Relic, Sentry
We use Cloudflare, MongoDB, New Relic and Sentry to store log and database data as described in section 3.2. For further information and the applicable data protection provisions of Cloudflare please visit https://www.cloudflare.com/privacypolicy/ and for MongoDB https://www.mongodb.com/legal/privacy-policy
4.2. Apple App Store / Google Play
Apple and Google most likely track user behavior when downloading apps from their stores as well as when using apps. We (Chamber) only have very limited access to that data. We can view aggregated statistics on installs and uninstalls. Grouping by device type, app version, language, carrier and country is possible.
4.3. Fingerprint/Touch ID/ Face ID
We enable the user to unlock the mobile app via fingerprint/ touch ID (Android and iOS) and Face ID (iPhone X). This is a feature of the operating system. We do not store any of this data. Instead, a proprietary API of the operating system is used to validate the user input. If you have any further questions regarding fingerprint/ touch ID/ face ID you should consult with your preferred mobile device provider or manufacturer.
4.9. Cloudflare We use Cloudflare to store log, database and application data as described in section 3.2. For further information and the applicable data protection provisions of Cloudflare please visit https://www.cloudflare.com/privacypolicy/
4.10 MongoDB We use MongoDB to store log, database and application data as described in section 3.2. For further information and the applicable data protection provisions of Cloudflare please visit https://www.mongodb.com/legal/privacy-policy
5. Sharing Your Personal Data
We may pass your information to our Business Partners, administration centers, third party service providers, agents, subcontractors and other associated organizations for the purposes of completing tasks and providing our services to you.
In addition, when we use any other third-party service providers, we will disclose only the personal information that is necessary to deliver the service required and we will ensure that they keep your information secure and not use it for their own direct marketing purposes. In addition, we may transfer your personal information to a third party as part of a sale of some, or all, of our business and assets or as part of any business restructuring or reorganization, or if we are under a duty to disclose or share your personal data in order to comply with any legal obligation. However, we will take steps to ensure that your privacy rights continue to be protected.
6. Transferring Your data outside Your Location
The data mentioned in Sections 3.2(b) and (c) will be stored in Amazon Web Services, which is based in the US. Amazon is certified under the EU- US Privacy Shield. Firebase is part of Google LLC., which is based in the US. Google is certified under the EU-US Privacy Shield. Intercom is based in the US, however has self-certified to the EU-U.S. and Swiss-U.S. Privacy Shield. We also use other data transfer mechanisms such as the Standard Contractual Clauses to ensure that our transfer of your data complies with applicable law.
7. Existence of Automated Decision-making.
We do not use automatic decision-making or profiling when processing Personal Data.
8. Data Security
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
9. Your Rights as a Data Subject in the EEA
If you reside in the European Economic Area, then you have the following rights under Regulation EU 2016/679 (General Data Protection Regulation or ‘GDPR’). We explain these below. You can find out more about the GDPR and your rights by accessing the European Commission’s website.
9.1 Right Information and access
You have a right to be informed about the processing of your personal data (and if you did not give it to us, information as to the source) and this Privacy Notice intends to provide the information. Of course, if you have any further questions you can contact us.
9.2 Right to rectification
You have the right to have any inaccurate personal information about you rectified and to have any incomplete personal information about you completed. You may also request that we restrict the processing of that information. The accuracy of your information is important to us. If you do not want us to use your Personal Information in the manner set out in this Privacy Notice, or need to advise us of any changes to your personal information, or would like any more information about the way in which we collect and use your Personal Information, please contact us at the above details.
9.3 Right to erasure (right to be “forgotten”)
You have the general right to request the erasure of your personal information in the following circumstances:
the personal information is no longer necessary for the purpose for which it was collected;
you withdraw your consent to consent based processing and no other legal justification for processing applies;
you object to processing for direct marketing purposes;
we unlawfully processed your personal information; and
erasure is required to comply with a legal obligation that applies to us.
We will proceed to comply with an erasure request without delay unless continued retention is necessary for:
Exercising the right of freedom of expression and information;
Complying with a legal obligation under EU or other applicable law;
The performance of a task carried out in the public interest;
Archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes, under certain circumstances; and
The establishment, exercise, or defense of legal claims.
9.4 Right to restrict processing and right to object to processing
You have a right to restrict processing of your personal information, such as where:
you contest the accuracy of the personal information;
where processing is unlawful you may request, instead of requesting erasure, that we restrict the use of the unlawfully processed personal information;
we no longer need to process your personal information but need to retain your information for the establishment, exercise, or defense of legal claims.
You also have the right to object to processing of your personal information under certain circumstances, such as where the processing is based on your consent and you withdraw that consent. This may impact the services we can provide and we will explain this to you if you decide to exercise this right.
9.5 Right to data portability
Where the legal basis for our processing is your consent or the processing is necessary for the performance of a contract to which you are party or in order to take steps at your request prior to entering into a contract, you have a right to receive the personal information you provided to us in a structured, commonly used and machine-readable format, or ask us to send it to another person.
9.6 Right to freedom from automated decision-making
As explained above, we do not use automated decision-making, but where any automated decision-making takes place, you have the right in this case to express your point of view and to contest the decision, as well as request that decisions based on automated processing concerning you or significantly affecting you and based on your personal data are made by natural persons, not only by computers.
9.7 Right to object to direct marketing (“opting out”)
You have a choice about whether or not you wish to receive information from us. We will not contact you for marketing purposes unless:
You have a business relationship with us, and we rely on our legitimate interests as the lawful basis for processing (as described above); and
You have otherwise given your prior consent (such as when you download one of our guides)
You can change your marketing preferences at any time by contacting us on the above details. On each and every marketing communication, we will always provide the option for you to exercise your right to object to the processing of your personal data for marketing purposes (known as ‘opting-out’) by clicking on the ‘unsubscribe’ button on our marketing emails or choosing a similar opt-out option on any forms we use to collect your data. You may also opt-out at any time by contacting us on the below details.
Please note that any administrative or service-related communications (to offer our services, or notify you of an update to this Privacy Notice or applicable terms of business, etc.) will solely be directed at our clients or business partners, and such communications generally do not offer an option to unsubscribe as they are necessary to provide the services requested. Therefore, please be aware that your ability to opt-out from receiving marketing and promotional materials does not change our right to contact you regarding your use of our website or as part of a contractual relationship we may have with you.
9.8 Right to request access
You also have a right to access information we hold about you. We are happy to provide you with details of your Personal Information that we hold or process. To protect your personal information, we follow set storage and disclosure procedures, which mean that we will require proof of identity from you prior to disclosing such information. You can exercise this right at any time by contacting us on the above details.
9.9 Right to withdraw consent
Where the legal basis for processing your personal information is your consent, you have the right to withdraw that consent at any time by contacting us on the above details.
Raising a complaint about how we have handled your personal data:
If you wish to raise a complaint on how we have handled your personal data, you can contact us as set out above and we will then investigate the matter.
9.10 Right to lodge a complaint with a relevant supervisory authority
If we have not responded to you within a reasonable time or if you feel that your complaint has not been resolved to your satisfaction, you are entitled to make a complaint to a national data protection supervisory authority in your country of residence. You can find your supervisory authority name and contact details under http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm.
10. Storing Personal Data
We retain your information only for as long as is necessary for the purposes for which we process the information as set out in this Privacy Notice.
However, we may retain your Personal Data for a longer period of time where such retention is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.
11. Changes to this Privacy Notice
We may make changes to this Privacy Notice from time to time. When we do so, we will notify those who have a business relationship with us or who are subscribed to our emailing lists directly of the changes, and change the ‘Last updated’ date above. We encourage you to review the Privacy Notice whenever you access or use our website to stay informed about our information practices and the choices available to you. If you do not agree to the revised Privacy Notice, you should discontinue your use of this website.
12. Our details
The Services are owned and operated by Prestige Labs, Inc.
You can contact us via:
8 The Grn Ste 7491
Dover, DE 19901
If you have any queries concerning your rights under this Privacy Notice, or if you wish to contact our data protection officer, then please contact us at firstname.lastname@example.org