Personal Data we collect
We only collect the Personal Data you provide to us during registration (such as your freely chosen profile name, email address, and country of residence) or later when using our App and the Personal Data you request us to collect from third parties on your behalf. We never see your password as it gets encrypted during the registration process.
Purposes for processing your Personal Data
We strive to empower you to gain control over the use of your Personal Data and to capture its value by using our R.E.ACT framework:
Our App enables you to request information from third parties regarding the processing of your Personal Data.
The Personal Data provided by different sources upon your request will be integrated and presented to you in a structured manner for your evaluation.
Based upon your evaluation you can act and determine who may – or may not – process your Personal Data.
Your Personal Data will only be used by us and our technology suppliers (who are obliged to protect your Personal Data to the same extent as we are) to provide you with our services. We do not sell or otherwise transfer your Personal Data to third parties without your prior consent or as we are required under applicable law or regulation. We do not monitor your behavior, track your physical location or subject you to profiling or automated decision-making. We only request and process Personal Data on you from companies you explicitly ask us to obtain on your behalf.
Cookies, Pixels, Device Identifiers
A pixel tag, or pixel, is a small piece of code that can be embedded on websites and emails. We use pixels to learn how you interact with our App, and this information helps us to provide you with a more tailored experience.
We use device identifiers to measure and improve the use and performance of our App.
Protecting your Personal Data
We restrict the use and access to your Personal Data to those who have an absolute need-to-know to provide our services. We maintain appropriate technical and organizational measures, including encryption of data in transit and at rest, to preserve the confidentiality and integrity of your Personal Data. All Personal Data is stored exclusively in a secure hosting environment located in the EU, certain website functionalities are provided by a US supplier duly certified with the EU-US privacy shield, and we ensure compliance with all applicable data protection and security laws.
We grant you all individual data protection rights as per the European Union's General Data Protection Regulation (GDPR) – irrespective of your country of residence.
You have the right to be informed by us on any processing of your Personal Data and obtain a copy thereof to verify the lawfulness of processing (right of access). If you are affected by incorrect or incomplete Personal Data, you may request rectification or completion of any relevant data (right to rectification). You may request the deletion of your Personal Data (right to erasure) or a temporary restriction of processing in certain cases (right to restriction of processing). You may also object to the processing of your Personal Data (right to object), and you have the right to receive your Personal Data in a structured, commonly used and machine-readable format or have your Personal Data transferred to another data controller if technically feasible (right to data portability).
Retaining your Personal Data
We store your Personal Data only for as long as necessary to provide you with our services. You can delete your account at any time by following the instructions provided by our App. A user deletion request results in the user’s Personal Data being removed from One.Thing.Less systems or being fully anonymized, unless retention is required by applicable laws or regulations.
In case you are dissatisfied with any aspect of processing of your Personal Data, we would like to understand how we can solve the issue. Please contact us at firstname.lastname@example.org.
If you would like to contact our EU representative, please send us an email at email@example.com.
You also have the right to contact the data protection supervisory authority in your country of residence.
Version: May 2018