This Privacy Statement informs you about the type of personal data that is collected and received through the application “Colour Sensor ”, and about how we use, share, retain and protect such personal data.
Who we are
This app is built and operated by UDO (“data controller”) on behalf of the brand owner AkzoNobel. We are a Dutch joint venture of Paradox Concepts and Next Lab (“we”, or “us”). We have our registered offices at Bergerstraat 2, 6226 NA Maastricht, The Netherlands: (KVK) 55362842 and 61304239.
The types of data we may obtain
We may collect and receive the following personal data from you:
- We temporarily store your IP address to be able to deliver our service for purposes such as logs. This information is stored for at most 90 days.
- Anonymous behavioural data such as when you open the app or scan a colour. This does not include any personal identification such as IP address or other unique identification numbers. This gives us insight in how our app is being used so we can improve our service. This task is not executed by a third party service provider. We retain this data for at most 5 years. This data includes:
- Date and time
- Scanned colour
- Matched colour
- Coarse location at city level estimated by IP address
- Colour scanner serial number
- Device type, OS version and app version
- Your colour projects will be backed up on our cloud services. This data may also be used for anonymous analytics purposes. This data will be removed as soon as you remove it from your app. It will not be used for data processing of any other kind.
- To make sure your app installation can identify itself and we can provide your personal colour projects, each installation contains a unique instance ID. The instance ID will be cleared after deleting the app.
- Crash logs. To improve our app, we might send a crash report to our services. This includes your device specifications and crash details. This only happens after your explicit consent. We store this information for 30 days.
How we may share your data
We may share the personal data we collect and receive on a need to know basis with the following third parties:
- The app’s brand owner AkzoNobel;
- Trusted Service providers: Firebase Realtime Database (firebase.google.com), Sentry Crash Logging (sentry.io)
- Competent public authorities or other third parties, if required by law or reasonably necessary to protect the rights, property and safety of ourselves or others.
- We may also transfer your personal data in the event that we sell or transfer all or a portion of our business or assets on a need to know basis. Should such a sale or transfer occur, we will use reasonable efforts to direct the transferee to use personal data you have provided to us in a manner that is consistent with applicable law and this Privacy Statement.
Data transfers outside the EEA
We may transfer the personal data we obtain to third parties in countries outside the European Economic Area (EEA). The laws in those countries may not offer an adequate level of data protection. In particular, personal data may be transferred to the United States.
When we transfer your personal data outside the EEA, we will protect your personal data as described in this Privacy Statement and in accordance with applicable law, such as by entering into the European Commission’s Standard Contractual Clauses for the transfer of personal data to a processor located outside of the European Union.
How we protect personal data
We maintain appropriate technical and organisational security safeguards designed to protect your personal data against accidental, unlawful or unauthorised destruction, loss, alteration, access, disclosure or use. However, due the inherent open nature of the Internet, we cannot guarantee that communications between you and us or the personal information stored is absolutely secure. We will notify you of any data breach that is likely to have unfavourable consequences for your privacy in accordance with applicable law.
You have the following rights in relation to your personal data:
- The right to obtain, at reasonable intervals and free of charge, information on whether or not your personal data are being processed and to receive the personal data that is being processed in an intelligible form;
- The right to request rectification or erasure of personal data or restriction of or objection to processing of your personal data. You may also request us to provide you your data in a structured, commonly used and machine readable format which can be transmitted to another controller.
- To exercise these rights, please contact us using our contact details set out below. We may request you to provide a copy of your ID card or otherwise evidence your identity. We will respond to your request within the applicable statutory term.
- Moreover, subject to this Privacy Statement, you have the right to lodge a complaint with the competent supervisory authority.
Updates to this Privacy Statement
We may update this Privacy Statement from time to time. We will notify you of any significant changes to this Privacy Statement on the website or through other appropriate communication channels. All changes shall be effective from the date of publication, unless otherwise provided in the notification.
How to Contact Us
If you have any comments or inquiries about the information in this Privacy Statement, if you would like us to update your personal data, or to exercise your rights, please contact us by email at email@example.com.