Privacy Policy

1. About us - who we are and how to contact us:

ZOA up is owned by Zoia Pamirova-Matros. The last is a physical person, established in Bulgaria. The administrator is responsible for providing the service and operating the application as described in this privacy policy. We shall collect, process, and store personal data in accordance with applicable data protection laws and regulations.

We will handle personal data with the utmost care and confidentiality, taking all necessary measures to protect it from unauthorized access, alteration, or disclosure. We will only use personal data for the purposes outlined in this privacy policy unless otherwise required by law.

We will ensure compliance with data protection laws and regulations and will be responsible for the overall management and operation of the application. We will take appropriate technical and organizational measures to safeguard personal data and will regularly review and update our policies and procedures to ensure ongoing compliance with applicable data protection laws and regulations.

The aim of the privacy policy is to provide transparency and clarity regarding how personal data is collected, used, processed, and protected. The privacy policy aims to inform individuals about their rights and choices regarding their personal data and to establish trust by outlining the measures taken to protect their privacy. Additionally, the privacy policy aims to ensure compliance with applicable data protection laws and regulations and to demonstrate the commitment of the entity to handle personal data responsibly and in accordance with legal requirements.

If you have any further questions, after having read the below-stated privacy policy and terms of use, please do not hesitate to contact us, by one of the following ways:

By e-mail: info@zoaup.com

Please note that if there are any terms in this privacy policy that you do not agree with, you should discontinue use of our sites and our services.

2. Personal data we collect:

We collect various types of personal data, which may include:

Contact information: such as your name [you may enter not only your real name but also a pseudonym or nickname], email address, phone number.
Demographic information: such as your age and gender.
Relationship with the person you're interested in.
Account information: such as your username, password, and other credentials used to access our services.
Usage information: such as your application history, search queries, and interactions with our website or application.
Device information: such as your IP address, device type, operating system, and browser type.
Communication information: such as your preferences for receiving communications from us, and any communication or correspondence you have with us.
Social media information: if you choose to connect your social media accounts with our services, we may collect information from those accounts.

Please note that the specific types of personal data collected may vary depending on the nature of our services and the interactions you have with us. We only collect personal data that is necessary for the purposes outlined in our privacy policy and in compliance with applicable laws and regulations.

3. Purposes for collection of personal data:

Personal data is collected for the following purposes:

Providing and improving our services: We collect personal data to deliver and enhance the services we offer. This includes personalizing your experience and providing customer support.
Communication and marketing: We may use your personal data to communicate with you, respond to your inquiries, and provide you with information about our services unless you inform us by e-mail that you're not interested in receiving such communications.
Analytics and research: We may collect personal data to analyze user behavior, trends, and preferences to improve our services, enhance user experience, and conduct market research.
Compliance with legal obligations: We may collect and process personal data to comply with applicable laws, regulations, and legal obligations.
Security and fraud prevention: We collect personal data to ensure the security of our services.
Consent-based purposes: We may collect and process personal data for any other purpose for which you have given your explicit consent.

We will only collect and process personal data to the extent necessary for the above-mentioned purposes and in compliance with applicable data protection laws and regulations.

4. For how long is personal data stored?

The duration for which personal data is stored can vary depending on the specific context and legal requirements. As a general principle, personal data would not be kept for longer than necessary to fulfill the purposes for which it was collected.

The retention period for personal data is determined by considering factors such as the nature of the personal data, the purposes for which it is processed, any legal obligations or contractual requirements, and business needs.

Once the retention period expires, personal data is securely deleted or anonymized to ensure it is no longer identifiable or retained longer than necessary.

Personal data is to be deleted upon request of the subject of personal data.

It is important to note that some legal obligations or legitimate business interests may require certain personal data to be retained even after a deletion request. We will inform you if any exceptions apply to your specific request.

5. Principles of personal data processing:

The principles of personal data processing refer to a set of fundamental guidelines that we follow when collecting, storing, using, and sharing personal data. These principles help ensure that personal data is processed in a fair, transparent, and secure manner. Our principles include:

Lawfulness, fairness, and transparency: Personal data should be processed lawfully, meaning there must be a valid legal basis for processing. It should also be done in a fair and transparent manner, with individuals being informed about the purpose and processing activities.
Purpose limitation: Personal data should be collected for specified, explicit, and legitimate purposes. It should not be further processed in a manner incompatible with those purposes.
Data minimization: Only the minimum amount of personal data necessary for the intended purpose should be collected and processed. Unnecessary or excessive data should be avoided.
Accuracy: Personal data should be accurate, kept up to date, and necessary steps should be taken to rectify or erase inaccurate or incomplete data.
Storage limitation: Personal data should be stored for no longer than necessary to fulfill the purpose for which it was collected.
Integrity and confidentiality: Personal data would be processed in a manner that ensures its security, including protection against unauthorized or unlawful processing, accidental loss, destruction, or damage.

6. Storage of personal data and security measures:

The storage of personal data is done in a secure and responsible manner. Personal data is stored in Google Firebase mainly, and analytics marketing data in Mixpanel/Google. Personal data is stored securely to protect it from unauthorized access, loss, or misuse. This includes measures such as encryption, access controls, firewalls, and regular security audits.

We have adopted the following principles in ensuring the security of personal data:

Purpose limitation: Personal data should only be stored for the specific purposes for which it was collected. It should not be retained longer than necessary to fulfill those purposes.
Access controls: We implement access controls to restrict access to personal data. This involves assigning specific user roles and permissions to individuals based on their job responsibilities and the need to access certain types of personal data.
User authentication: We have adopted strong user authentication methods, such as unique usernames and passwords, to ensure that only authorized individuals can access personal data.
Principle of least privilege: We follow the principle of least privilege, which means granting individuals access only to the specific personal data necessary for them to perform their job duties. We regularly review and update access rights based on changing roles and responsibilities.

7. Access of third parties to personal data:

Access to personal data by third parties is possible in each one of the following hypotheses:

Legal basis: On a lawful basis for sharing personal data with third parties. This may include obtaining consent from the individuals, fulfilling a contractual obligation, or complying with legal requirements.
Data processing agreements: If there is a written agreement or contract with third parties, such as data processing agreements or data sharing agreements, that clearly outline the terms and conditions of the data sharing arrangement.

However, if the third party engages subprocessors (subcontractors) to process personal data on their behalf, we always ensure that appropriate contractual arrangements are in place to maintain the same level of data protection and security.

8. Rights of the data subject:

Data subjects have certain rights regarding the processing of their personal data that include:

Right to access: Data subjects have the right to obtain confirmation as to whether or not their personal data is being processed, and if so, to access that data and obtain information about how it is being processed.
Right to rectification: Data subjects have the right to request the correction or updating of inaccurate or incomplete personal data.
Right to erasure (right to be forgotten): Data subjects have the right to request the deletion of their personal data in certain circumstances, such as when the data is no longer necessary for the purpose it was collected or if the data processing is based on consent and the individual withdraws consent.
Right to restriction of processing: Data subjects have the right to request the limitation of processing of their personal data in certain situations, such as when the accuracy of the data is contested or when the processing is unlawful.
Right to data portability: Data subjects have the right to receive their personal data in a structured, commonly used, and machine-readable format and to transmit that data to another organization, where technically feasible.
Right to object: Data subjects have the right to object to the processing of their personal data, including for direct marketing purposes or when the processing is based on legitimate interests.
Right to withdraw consent: If the processing of personal data is based on consent, data subjects have the right to withdraw their consent at any time.
Right to lodge a complaint: Data subjects have the right to lodge a complaint with the competent data protection supervising authority depending on where they reside, work or where the alleged infringement has taken place if they believe that their rights under data protection laws have been violated.

Data subjects execute their rights by sending an e-mail to info@zoaup.com with a concrete request.

9. Third party links and features:

The [...] may contain links, banners, widgets or advertisements that lead to other websites, apps, or services not subject to this Privacy Policy. We are not responsible for the privacy practices or the content of any other websites to which the Services link or which link to our Services. The privacy policies of these other sites will govern the collection and use of your information thereon, and we encourage you to read each such policy to learn about how your information may be treated by others.

10. Changes to our privacy policy:

We reserve the right to amend this Privacy Policy to reflect changes in the law, our data collection and use practices, the features of our Services, or advances in technology. Amendments to this privacy policy are published on this page and upon their publication, data subjects are deemed to have been notified about the amendments. By continuing to use the Services, you are confirming that you have read and understood the latest version of this Privacy Policy.

11. Push notifications

The application uses push notifications for keeping users informed and engaged by delivering timely and personalized messages directly to their devices, ensuring they never miss anything out.

12. Firebase Remote Config &Firebase Analytics. Meta Ads Manager & Google Ads

The application uses Firebase Remote Config and Firebase Analytics which helps for delivering a more personalized and optimized app experience to users without the need for app updates or re-submissions to app stores. The application also leverages the power of Meta Ads Manager and Google Ads to effectively manage and optimize its advertising campaigns.