BAR PRIVACY STATEMENT

In this Privacy Statement, the company Pixplicity B.V. (referred to below as “Pix” or “we”/“us”) explains how – as the “controller” – it deals with the personal data it obtains and processes in connection with your use of the BAR application for iOS and Android (the “App”).

Information that can be traced back to an individual is referred to as “personal data”. The collection, use, and storage of personal data is referred to as “processing”. By “you”/”you” we mean anyone who falls within the scope of this Privacy Statement, in particular people who use the App.

1. How we acquire personal data

In order to use the App, you need an account. We collect personal information from you, for example, because you provide it to us yourself when registering an account. But we also collect personal data through your use of our services, such as the App and third-party services that you use. We do not sell your personal information.

Information provided when creating an account If you want to use the App, we need certain information from you. If you don’t provide that information, you will not be able to use the App. The data about you that we process includes your contact details, name and phone number.

Data collected through your use of the App

We collect general information about how you use the App and how users of the App interact with our services, what their preferences are, and which settings they select. In some cases, we do so by means of pixel tags and similar technologies that create and store unique identifiers (see below). In addition, we may collect information about your mobile device, such as the model, operating system and version, preferred language, unique identifier, serial number, and mobile network information. When you interact with the App, we collect server logs, which may include information such as the device’s IP address, access data and times, App functions or pages viewed, App crashes and other system activities, the type of browser, and the third-party sites or services that you used before you interacted with the App. We do this in order to improve your user experience of the App. (See also section 4 below: Purposes and principles for processing personal data.)

2. Principles: the legal basis for using personal data

We are permitted to use personal data based on six different “principles” referred to in the relevant legislation:

3. What are “legitimate interests”?

We sometimes process personal data because of our own legitimate interests. When we do so is explained below. There are various kinds of legitimate interests. In the case of Pix, they include marketing, creating brand awareness of the organisation, communication, IT management and security, research/analysis of our own products or services so as to optimise the services that Pix offers you as a user of the App, operational management, legal matters, and internal management. We only process personal data on the basis of a “legitimate interest” if the processing does not unnecessarily impact your privacy. If you want to know how we weigh up the decision, please contact us (see also section 11: Contacting Pix).

4. Purposes and principles for processing personal data

We process your personal data (on the basis of the above principles) for the following purposes:

5. Sharing/acquiring data with/from third parties

Your personal data can be shared with:

Your data will only be passed on to the above third parties to the extent permitted by the applicable legislation and regulations.

Some of the third parties that we engage qualify as “processors” (for example hosting service providers, or parties organising or conducting campaigns or surveys). We make arrangements with such parties in accordance with the applicable statutory requirements.

The App sometimes uses information from third parties or external sources, for example in the case of certain cards relating to your use of another app or service. This is then clearly indicated.

6. Your consent

As already noted above, in a number of cases we need your unambiguous consent before we can carry out certain processing of personal data (or have it carried out). If such consent is required, we will ask you for it, outside the scope of this Privacy Statement. We may need your consent, among other things, for the following processing operations:

You are free to decide whether or not to give your consent, if consent is applicable. If you do give consent, you can withdraw it whenever you wish. Not giving consent, or withdrawing it, may have consequences for the provision of services by Pix. For example, you won’t be able to fully use the App if you don’t share any information with other users.

7. Transfer of data to countries outside the EEA

Your personal data may sometimes also be transferred to (or stored by) a recipient outside the European Economic Area (EEA), for example our service provider Google Cloud, which stores data in the US. The countries where such recipients are located may have different rules regarding the use and protection of personal information. If those rules do not ensure an appropriate level of protection, we will make sure that additional safeguards have been agreed on. For example, we will use US service providers (such as Google) that have voluntarily submitted to the EU-US Privacy Shield, and in other cases we will normally use EU model agreements for the transfer of personal data. Please contact us if you want a copy of the relevant safeguards.

8. Your rights, including the right of objection

You have the right to know what personal data we hold about you and for what purposes. You also have the right to access that data and correct it where necessary. If you have given your consent, you can withdraw it at any time, with the relevant processing then being stopped from that point on. In certain cases, you may have the right to object to processing that relates to direct marketing and processing based on the “legitimate interest” principle, and to ask us to restrict the use of your personal data or to delete or transfer it (“data portability”). You also have the right to lodge a complaint with the (Dutch) Data Protection Authority [Autoriteit Persoonsgegevens] (the “DPA”). You can only exercise these rights to the extent that the applicable legislation grants them to you.

You can exercise the above rights (with the exception of the right to lodge a complaint) by sending a request by email to bar@welcometobar.com. We reserve the right to reject certain requests if that is legally permissible.

9. Retention period

We basically retain your personal data no longer than is necessary for the purposes for which it was obtained and to comply with our statutory obligations. This generally means that your personal data will be retained for as long as one of the following situations applies:

10. Amendments to this Privacy Statement

We can amend or supplement this Privacy Statement unilaterally. If required by law, we will announce the relevant changes.

11. Contacting Pix

If you have questions and/or remarks regarding this Privacy Statement or the processing of personal data, you can contact Pix by email at bar@welcometobar.com.

This Privacy Statement was most recently updated on 13 February 2023.