1. General Provisions
1.1. SoftPotential OÜ1 (hereinafter Service Provider or Innerly) takes the protection of personal data and User privacy (hereinafter also “Client”) very seriously. For the safe use of the game Innerly (hereinafter Innerly), located at https://innerly.me the Service Provider keeps all its employees up to date with Innerly’s Privacy Policy and customer data processing principles.
1.2. Innerly’s privacy policy and principles for processing customer data are an integral part of the Innerly Terms of Use and apply to the extent that they do not conflict with specific service agreements.
1.3. By entering into a Client relationship with Innerly, the Client (hereinafter also referred to as the User) gives the Service Provider consent to the processing of his data on the terms and in the manner established by the Privacy Policy and the principles for processing Client data of Innerly.
2. Terms
2.1. Customer data is any information known to the Service Provider regarding the customer (personal data, contact details, information entered in Innerly, communication, etc.).
2.2. Processing of customer data is any action performed with customer data (including collection, storage, categorization, storage, modification, publication, provision of access, execution of requests and extracts, usage, transfer, cross-use, erasure, etc.).
2.3. A customer relationship is a legal relationship between the Service Provider and a customer in which the customer is a registered User of Innerly and/or uses the Innerly.
2.4. Customer or User – any natural or legal person registered as a Innerly or using Innerly.
2.5. Third party – any person who is not a User or an employee of the Service Provider.
2.6. Service – any service that the Service Provider provides to the Client on the basis of an agreement concluded with him.
2.7. Authorized processor – a person who processes customer data on behalf of the Service Provider.
3. Modification and application of Innerly’s Privacy Policy and Client Data Processing Principles
SoftPotential OÜ is registered in the Commercial Register of the Republic of Estonia, under registration code 14565562.
3.1. The Service Provider has the right at any time to unilaterally change and supplement the Privacy Policy and the principles of processing Client data of Innerly. The Service Provider notifies the User of changes to the Privacy Policy and the principles of processing Client data of Innerly on the https://innerly.me website at least one month prior to the entry into force of the changes, except in the case when the Privacy Policy and the principles for processing Client data of Innerly are changed only on the basis of changes made in legal acts.
3.2. Innerly’s privacy policy and principles for processing customer data apply from the moment they are published on the https://innerly.me website with respect to all Users and the processing of their data, including both existing and new Users.
I. Innerly Privacy Policy
4. Collection of information
4.1. To obtain statistics about Users on the https://innerly.me website, the Service Provider is using the Google Analytics service which adheres to policies, and Facebook tools that employ Facebook data handling policies.
4.2. To receive payments, the Service Provider uses a payment system PayPal which adheres to PayPal privacy policy, and the payment system Stripe that follows Stripe privacy policies.
4.3. Website https://innerly.me is divided into a public part and a part with restricted access. Only Users with valid permissions are allowed to access the page with restricted access. Various identification methods are used to recognize Users, which may require sending a User tag to a third party offering an authentication service. After logging into a password-protected website https://innerly.me, the Service Provider collects information about the User, their IP address, and their actions.
4.4. The Service Provider also collects the contact details of persons who contact the Service Provider.
4.5. The Service Provider is not responsible for the principles of processing Client data entered by the Client through the links referred to in paragraph 4.2., and for protecting their confidentiality.
5. Use of information
5.1. Information collected from the site https://innerly.me is used to analyze website https://innerly.me and for User recognition.
5.2. From the page of the https://innerly.me website with restricted access general statistical information that the Service Provider has the right to share with third parties is collected.
5.3. The Service Provider does not collect, sell or provide personal and contact data, except as outlined in the Innerly Privacy Policy and Client Data Processing Principles.
6. Storage of information
6.1. Information is stored and archived on a secure server, which may be located in the Republic of Estonia or another country. Access to the server has a limited circle of people.
6.2. Security is ensured through strict privacy protection standards maintained by dedicated third parties.
7. Disclosure of information
7.1. In cases provisioned by law, the Service Provider may be required to disclose personal data.
7.2. Also, the Service Provider has the right, on its own initiative, to disclose personal data and additional information if, in the opinion of the Service Provider, it will help to avoid violations of the law or the Innerly.
7.3. If the Client enters false data into his profile, for example, someone else’s e-mail address, the User’s account will be visible to the person whose data the Client used. To avoid misunderstandings, the Service Provider asks that you carefully check the validity of the entered personal data.
8. Technologies employed
8.1. The Service Provider uses cookies – small text files placed by the website on the hard drive of the User’s device. This allows the Service Provider to collect certain information from the web browser of the User’s device, including remembering the active session and assisting in site navigation.
8.2. To use Innerly, the User’s device must have cookies enabled.
8.3. The Service Provider works to protect Innerly from unauthorized access to information held by Innerly or its unauthorized modification, disclosure, or violation. For this, among other things, the Service Provider uses SSL to encrypt data, which ensures the secure transmission of data from the Client computer to the Innerly.
9. Questions
9.1. If a User or any person has questions or concerns regarding Innerly’s Privacy Policy and Customer Data Processing Principles or related to a breach of a person’s privacy, the Service Provider asks to contact the Service Providers at info@innerly.me
II. Innerly Customer Data Processing Principles
10. General principles for processing customer data
10.1. The Service Provider processes Client data in accordance with the requirements established by the Personal Data Protection Law of the Republic of Estonia, other relevant legal acts, and the Privacy Policy and principles for processing Client data by Innerly.
10.2. The Service Provider applies reasonable IT and other necessary security measures to protect customer data and monitor the processing of customer data.
10.3. The Client is aware and agrees that, despite the measures taken, electronic data exchange may be accompanied by the risk that Client data will become available to third parties, that the transmitted information can be forged, used in one’s own interests, etc.
10.4. The Service Provider cannot ensure the security of customer data and is not responsible for it in case customer data is not protected due to the insecurity of the devices used by the customer or if a third party, regardless of the Service Provider, becomes aware of User data related to the Service provided to the customer or other information used by the User for identification, or information carrier.
10.5. Employees of the Service Provider, in accordance with legal acts and employment or other similar contracts concluded with them, are obliged to maintain the confidentiality of Client data, and this obligation does not have a statute of limitations; for violation of the above duty, liability is provisioned. The employee has the right to process Client data only to the extent necessary to perform the work duties assigned to him.
10.6. The Service Provider requires compliance with Innerly’s Privacy Policy and Customer Data Processing Principles generally from all persons to whom customer data is transferred or disclosed based on Innerly’s Privacy Policy and Customer Data Processing Principles.
10.7. When processing customer data, the Service Provider is limited to the minimum necessary to fulfill the contracts concluded with customers, to better serve customers, and to achieve the goals outlined in the Privacy Policy and the Innerly principles for processing customer data.
11. Composition of processed customer data
11.1. The Service Provider processes all customer data that becomes known to the Service Provider about the customer in the course of the customer relationship. The Service Provider processes primarily, but not exclusively, the following types of customer data:
11.1.1. personal data of the Client (including name, age range, gender, etc.);
11.1.2. customer contact details (including country of residence, email address, etc.);
11.1.3. data pertaining to contracts concluded between the customer and the Service Provider;
11.1.4. data regarding customer habits, preferences, and satisfaction (e.g., Service usage activity, Service preference, customer complaints, etc.);
11.1.5. data about the Client segment (that is, which group or which region the Client belongs to);
11.1.6. data regarding sections of the https://innerly.me website visited by the Client.
12. Purposes of processing customer data
12.1. The Service Provider has the right, in order to establish customer relationships and offer Services, to process all customer data received from the customer, another customer, or from public databases (including data published on the Internet), as well as from third parties, if the transfer such customer data is legal.
12.2. The Service Provider processes customer data to the extent permitted by legal acts in order to:
12.2.1. identify the Client;
12.2.2. to fulfill the contract concluded between the customer and the Service Provider or to ensure the performance of the contract (including for the calculation of fees for the Service and the settlement of accounts) and to exercise their rights arising from the contract concluded or related to the customer, as well as to defend their violated or disputed rights;
12.2.3. conduct customer surveys related to the customer and Services, statistical research, analysis, and reporting;
12.2.4. administer and develop existing Services and programs used to provide Services, develop new Services;
12.2.5. check and, if necessary, correct or supplement the Client data submitted by the Client;
12.2.6. assess and prevent possible commercial risks or damages related to the provision of the Service.
12.3. The overview of the relative processing of customer data outlined in paragraph 12.2. is not exhaustive. In order to create customer relationships and ensure the provision of Services, Innerly may, if necessary, process customer data for purposes other than those specified in clause 12.2.
12.4. The Service Provider does not process the personalized data entered by the customer for any other purpose than to fulfill its contractual obligations.
13. Transfer of customer data to third parties
13.1. Innerly discloses Client data to third parties only to the extent necessary for third parties to fulfill the purposes set out in the Innerly Privacy Policy and principles for processing Client data.
13.2. Innerly has the right to transfer customer data to:
13.2.1. persons and organizations associated with the provision of Services and the execution of agreements concluded with the Client;
13.2.2. Innerly consultants or other Service Providers, if Client data is necessary in order to provide a quality Service, given that such persons comply with Innerly’s organizational, physical, and information technology requirements for maintaining the confidentiality and protecting Client data;
13.2.3. Service Providers to whom Innerly partially or completely transfers its activities or activities that directly support the main activity (e.g. mailing service, archiving service) under the conditions outlined in legal acts, provided that such persons fulfill the organizational, physical, and information technology requirements established by Innerly for maintaining the confidentiality and protecting Client data;
13.2.4. authorized processors (for example, statistical analysis of the use of Services);
13.2.5. other third parties if the customer is in breach of the contract (e.g., a debt collection Service Provider, a company publishing credit information). The Client is aware of and agrees that the respective parties may process Client data transferred to them in connection with a breach of contract in accordance with their own valid principles for processing Client data.
13.3. The Client is obliged to disclose and transmit Client data in order to fulfill the obligations arising from legal acts.
14. Processing of customer data for the purpose of direct marketing and research into customer habits and satisfaction
14.1. The Service Provider has the right to transfer to the Client:
14.1.1. advertising and offers related to the sale of Innerly Services;
14.1.2. offers and advertisements of carefully selected cooperation partners.
14.2. The Client has the right to inform the Service Provider at any time about his wish not to receive personal offers and advertising in the future.
14.3. General and introductory information about the services provided by Innerly, as well as information related to the execution of the concluded contract, is not considered personal offers and advertising. The Client cannot refuse to receive such information.
14.4. The Service Provider may use technological measures to process information regarding the reading of e-mails and SMS messages sent out by Innerly to the Client, as well as the use of the links contained therein, and information about the use of thehttps://innerly.me website.
14.5. The Service Provider has the right to process customer data to study the customer’s habits, organize surveys for this, analyze the data obtained, and use them to develop new products and services and improve the quality of the current Service. The study of the habits of the Client can be carried out by a third party.
15. Change of customer data and termination of its processing
15.1. The Client is obliged to immediately inform the Service Provider of all changes that are made to the Client data recorded in contracts or other documents submitted by the Service Provider.
15.2. The Service Provider regularly checks the completeness and validity of customer data.
15.3. The Client is obliged to notify the Service Provider if he discovers that his Client data is inaccurate.
15.4. If the Client believes that the processing of his Client data is not permitted in accordance with legal acts, the contract concluded with him and/or the Privacy Policy and the principles for processing Client data of Innerly, then he has the right to demand the termination of processing, disclosure of his Client data and/or security access to them and/or erasure of customer data collected about him.
15.5. The Service Provider processes personal data for as long as it is necessary to achieve the purposes of processing customer data or to fulfill obligations arising from legislation.
15.6. If the Client requests the termination of the processing of his Client data and/or the deletion of the Client data collected about him, the Service Provider has the right to withdraw from the contracts concluded with the Client in exceptional circumstances, without prior notice, if the Service Provider cannot reasonably continue the fulfillment of the contracts.
16. Client rights protection
16.1. The Client has the right to receive from the Service Provider information about the Client data held in relation to him and their processing in the manner and to the extent provided for by the legal acts.
16.2. If the Client considers that his rights are violated during the processing of Client data, he has the right to refer to the Service Provider with a request to stop the violation.
16.3. In addition, the Client has the right to refer to the Data Protection Inspectorate of the Republic of Estonia or the Harju County Court of the Republic of Estonia in case of violation of his rights.
16.4. If it is established that the rights of the Client have been violated during the processing of Client data, the Client has the right to demand compensation for the damage caused to him by the violation.
16.5. The Service Provider is not responsible for the principles of other Users with access to customer data that they use in the processing of customer data and is not responsible for ensuring that other Users with access to customer data retain data confidentiality (i.e. responsibility for input, processing and granting access rights to Client data is borne by Users; personal data can be changed both by Users and their legal representatives and by legal entities that have assigned Users respective powers).
16.6. The Service Provider is not responsible for the principles of processing Client data entered by the Client through the links referred to in clause 14.5., and for protecting their confidentiality.
