Bubadu Privacy Policy

This policy, alongside our Terms of service, explains how we process your data when you use our Apps/Services.

I. ABOUT US

Bubadu d.o.o is a company registered in Slovenia, with registration number 1318349000 and registered address at this date at Bračičeva ulica 21, 1380 Cerknica, Slovenia, EU (‘’Bubadu’’, ‘’we’’), which offers entertaining mobile applications for Android and iOS, namely Bubbu – My Virtual Pet Cat, Bubbu 2 - My Pet Kingdom, Duddu – My Virtual Pet Dog, Pixie the Pony – Virtual Pet, Bubbu School – My Virtual Pets, Bubbu Restaurant – my Cat Game, Bubbu Jewels – Merge Puzzle and others made available to you from time to time (altogether referred to as ‘’App/s’’ or individually as “App”).

This privacy statement ("Policy”) describes how Bubadu collects and uses the personal information and/or data (the terms are used interchangeably) (the “Information”) you provide. It also describes the choices available to you regarding our use of your Information and your rights.

Any Information you share when using our Apps/Services is controlled by Bubadu who is the data controller in regard to its Apps/Services (the “Data Controller”).

We respect your privacy and take protecting it seriously. If you have any privacy related concerns, please contact us at: [email protected].

II. HOW WE USE YOUR DATA

We process your data to offer our Services, for security reasons, for internal analytics and diagnostics (to maintain and analyze the functioning of the Apps), to show you contextual advertisements, to respond to your questions, as well as to comply with our legal obligations.

LEGAL BASIS

We use your Information in a way you would reasonably expect, as our Services and our data processing have minimal impact on your privacy. Where we process your Information, we do so lawfully based on one of the following legal bases:

Contract performance. This covers data that is processed by us in order to provide you with the Services that you have requested and that we have agreed to provide to you.

Legitimate interests. This covers data processed by us for the purposes that can be reasonably expected within the context of your use of our Services to pursue our legitimate interests, in order to improve our Services and your experience by performing internal analytics, to show you contextual ads, and to ensure safety and security of our Services.

Legal obligation. This covers information that is processed by us to comply with a legal obligation.

TO OFFER OUR SERVICES

We process your data so that you can play the games, make in-app purchases, receive local notifications and use other functionalities available within the Apps. Legal basis: contract performance. Data collected: as stated in the “The data we collect” section of this Policy.

FOR ADVERTISING

Bubadu Apps are designed for families and are suitable for all age groups which is why we decided to set the “do not track” option for all users of our Android and iOS apps. This means that we do not collect advertising identifiers and we don’t pass it to third party providers either.

Contextual advertising. In order to offer some of our Apps for free, we show you ads from third party advertisers, that are based on the content of the App you are using (“contextual ads”). Since we do not track our users, we will never show you ads based on your behavior or interest.

We engage third party ad network providers ("Advertising Providers”) who assist us in delivering advertisements (banners, interstitials, rewarded videos) to you. We have integrated Advertising Providers’ SDKs (a piece of code) into our Apps enabling us to connect ad networks to run in-app ads and to collect the Information needed to display advertisements. The Information is used for ad serving features such as frequency capping (so that you are not displayed with the same ad twice etc.) and ad mediation. The Information may be stored on your device through generally accepted industry technologies used within our Apps (such as local storage).

Cross promotion. We use your Information for cross promoting our Apps and Services, meaning to promote one of our Apps and Services while you are playing a different App of ours.

Legal basis: legitimate interests in order to offer our Apps and Services. Data collected: as stated in the ‘The data we collect' section of this Policy.

Our Apps may contain links to third party websites, products, or services. For example, the Apps may feature offers from third party advertisers or the ability to engage in transactions with such entities. Please note that while using such third party offerings, you are using sites, products, and services developed and administered by people or companies not affiliated with or controlled by us. We are not responsible for the actions of those people or companies, the content of their sites, products or services, the use of information you provide to them, or any products or services they may offer. Our link to such third parties does not constitute our sponsorship of or affiliation with, those people or companies. Nor is such linking an endorsement of such third party’s privacy or information security policies or practices or their compliance with laws. Information collected by third parties, which may include such things as location information or contact details, is governed by their privacy practices. These other websites or services may place their own cookies or other files on your computing device, collect information or solicit personal information from you. We encourage you to learn about the privacy practices of third parties with which you interact. We are not responsible or liable for your interaction with such third parties, the information requests initiated by such third parties, or the subsequent use, treatment or dissemination of the information you voluntarily choose to provide to them.

FOR INTERNAL ANALYTICS AND DIAGNOSTICS

We check how you use our Apps and Services with the help of third party analytics providers (the “Analytics Providers”) and by processing Analytical Information (please see section “The data we collect” of this Policy) to constantly improve our Apps and make them better for you. With the help of identifiers, such as analytics IDs, namely, Bubadu Identifier, Firebase Installation ID, App Set ID (Android) and IDFV (iOS) assigned to your device we can collect Analytical Information and use it to understand and optimize how our Apps are used, improve our marketing efforts, provide content and features that are of interest to you, and conduct statistics, analytics, research and development in order to continuously improve our Apps and make them better for you. This includes correcting technical malfunctions, customization, providing better and improved content, developing new offers, measuring traffic and usage of our Apps, promoting the Apps and improving the user experience. We do not process any information which could directly identify you. We use data log files (IP address, app version, date, OS version, requests, states etc.) and information about your activity within the Apps for internal analytics to improve our Apps.

We choose our Analytics Providers carefully and require them to comply with applicable legislation. To learn what Analytics providers we use please see the section ‘Who has access to your data’ of this policy.

We check Apps info and the performance of the Apps on your device for diagnostics purposes. We use information, such as battery life, loading time, latency, frame rate or any technical diagnostics. This information helps us improve our Apps by diagnosing and fixing bugs or crashes and making future performance improvements.

Legal basis: legitimate interests in order to improve our Apps. Data collected: Analytical Information, Technical information, as stated in the ‘The data we collect section’ of this Policy.

FOR SAFETY AND SECURITY

We use your Information to enhance the safety and security of our Apps, products and Services, to help us detect and prevent fraudulent activity. Legal basis: legitimate interests, to enable us to offer a safe and secure service. Data collected: As stated in the ‘Technical Information’ of this Policy within the ‘The data we collect’ section.

FOR CUSTOMER SUPPORT

We use your Information to respond to any queries you send to our email [email protected]. Legal basis: contract performance. Data collected: email address.

DISCLOSURE FOR LEGAL PURPOSES

We may also disclose information in the following cases:

  • if required by law, for example, to comply with a court order, subpoena, regulation, legal process or other governmental request;

  • to exercise or protect the rights, property or personal safety of the Company, our users or others;

  • to enforce this privacy statement, including investigation of potential violations thereof;

  • upon fulfilling legal requirements of local legislation (for example verifiable parental consent of a legal guardian for child directed apps in the US etc.) in order to supply certain services/information third party might legally request from us;

  • to detect, prevent, or otherwise address fraud, security or technical issues;

  • If Bubadu is involved in a merger, acquisition, or sale of all or a portion of its assets, you will be notified of any change in ownership or uses of your information via our website;

  • to respond to claims that any content published on the Bubadu Apps violates any right of a third party

III. THE DATA WE COLLECT

DIRECTLY IDENTIFIABLE DATA

EMAIL ADDRESS. We do not collect your email address in order to enable you to use our Apps and Services. However, we use your email to respond to an inquiry received at our email address, namely [email protected].

INDIRECTLY IDENTIFIABLE DATA

To protect your privacy we process your Information with the help of identifiers (Bubadu Identifier, IP address, analytics identifiers) that do not identify you personally but may uniquely identify your device.

IP ADDRESS. We will collect your IP address on third party web servers for security reasons to help us detect and prevent fraudulent activity and to get the country information needed for cross promotion.

ANALYTICS IDENTIFIER. The analytics provider Firebase Analytics (GA4F) automatically generates and assigns a Firebase Installation ID (app-installation ID) to identify a unique installation of our App. The Firebase Installation ID is used to compute your metrics throughout analytics. The analytics provider Singular uses analytics identifiers, namely App Set ID (Android) and IDFV (iOS). We use Bubadu Identifier to perform analytics for cross promotion purposes.

BUBADU IDENTIFIER. We use our own identifier to perform cross promotion (‘’Bubadu Identifier’’). Bubadu Identifier is a random string in a text file on your device that uniquely identifies your device but not you personally. When sent to our server, it will be coded in a way that we will not be able to decode it and will be deleted after 3 days or 1 month and 3 days if back upped to our server.

TECHNICAL DATA

We collect technical information about your device that is necessary for you to use our Apps and additional technical data that enables us to maintain and analyze the functioning of the Apps, personalize the content of the Apps, and display contextual advertisements.

Technical information that we collect is IP address (location: country or region, not specific enough to identify a street), language (language set on the device and not based on location) information about your device (device type, version and type of operating system, mobile phone carrier, screen resolution, network provider, network status, SDK version, API key, application version, Android or iOS Vendor, storage size, screen size, firmware), data log files from servers (IP address, app version, date, OS version, requests, states etc.), session information, levels achieved and in-app purchases.

ADVERTISING DATA

We use the ‘’do not track’’ option for all our Apps which means that we do not collect advertising identifiers (such as Android Advertising ID and Advertising Identifier for iOS) and do not pass them to advertisers.

We have integrated Advertising Providers’ SDKs (a piece of code) into our Apps enabling us to connect ad networks to run in-app ads and to collect the Information needed to display advertisements such as IP address, location data (specific enough to identify a state for cross promo ads and city for analytics), raw data log files on servers (IP address, date, time, requests, state etc.), data about the add (campaign id, creative, country, Bubadu Identifier (not shared with advertisers), date, timestamp, app, orientation, store, status of the ad - requested, loaded, displayed, clicked ad). Contextual advertising can come from the type of device being used, the game/app genre, or the selected language.

We analyze advertisement response (including clicks on ads, if it originated a follow-up action to a third party e.g., “conversion” event), which advertisements are shown, the date and time a particular ad is served, angle view, and information about the advertisements reviewed by the user.

Our Advertising Providers collect data regarding advertisement performance, user interaction with ads and our Apps. For more information please read the section “Who has access to your data”.

We use StoreKit Ad Network, or SKAdNetwork, a privacy-centric API operated by Apple. It helps ad networks and advertisers measure their ad activity (such as impressions, clicks, and app installs) on an aggregated level.

CROSS PROMOTION DATA

We use our own identifier to perform cross promotion (the ‘’Bubadu Identifier’’). Bubadu Identifier is a random string in a text file on your device, a persistent identifier that permits identification of your device. When sent to our server, it will be coded in a way that we will not be able to decode it and automatically deleted after 3 days or 1 month and 3 days.

To perform cross promotion we use the following information: Campaign_id, creative_id, country_id, Bubadu Identifier, date, timestamp, app_id, orientation, store, status (requested, loaded, displayed, clicked).

ANALYTICS DATA

We perform analytics with the help of identifiers, namely  IP address and analytics provider’s unique ID, namely, Firebase Installation ID assigned to your device for Google Analytics, App Set ID (Android) and IDFV (iOS) for Singular and Bubadu Identifier.

We log basic events so that we can understand your actions within the Apps (gaming level reached, first opened the app, how many items you bought, in which currency etc.), we see system events or errors, we track metrics such as user engagement and behavior per screen so that we can improve the App and make it more appealing, we can see how many users installed our App in a specific country etc.

We analyze characteristics obtained by your use, such as data about Apps you used, any actions or movements within the Apps, date and time, response times, download errors, length of visits, interaction information such as scrolling, clicks, and mouse-overs, what tools in the Apps you use, your interaction with the service and your behavior on the service, average nr. of seen ads, most watched rewarded videos placement, session time, retention, average minigame time, earnings in minigames, bought items, most popular items etc.

We check Apps info and the performance of the Apps on your device for diagnostics purposes. We use information such as battery life, loading time, latency, frame rate or any technical diagnostics. This information helps us improve our Apps by diagnosing and fixing bugs or crashes and making future performance improvements.

CHILDREN’S DATA

We pride ourselves on offering entertaining Apps for family audiences of all ages. Because we want your child to use our Apps in a safe environment, we have limited the collection and usage of Information for all our Apps.

Children can access many parts of the App/Services and its content and use many of its features without providing us with personal information. We only collect as much information about a child as is reasonably necessary for the child to participate in an activity, and we do not condition the child’s participation on the disclosure of more personal information than is reasonably necessary.

What information do we collect and how do we use it

The only information we collect is identifiers (as described above) and information that identifies a device’s location (not specific enough to identify a street). Identifiers and location information are used only to place contextual advertisements (including frequency capping, fraud prevention and attribution), to personalize the content on the Apps (such as sending local notifications), to maintain or analyze the functioning of the Apps, to perform network communications to protect the security or integrity of the user of the App, to ensure legal or regulatory compliance.

We do not track or create profiles and do not perform behavioral advertising. We limit our Advertising Providers to show only contextual ads and they are prohibited from conducting behavioral advertising, profiling or contacting you in any other way.

Since we don’t collect directly identifiable personal information and use identifiers in a way that is not able to be linked to a directly identifiable person, children are not able to make their personal information publicly available nor the functionalities of our Apps and Services do not allow such disclosure.

Our Practices for Disclosing Children’s Information

We do not share, sell, rent, or transfer children’s personal information other than as described in this section.

We may disclose aggregated information about many of our users, and information that does not identify any individual or device. In addition, we may disclose children’s personal information:

  • To third parties we use to support the internal operations of our App/Service and who are bound by contractual or other obligations to use the information only for such purpose and to keep the information confidential.
  • If we are required to do so by law or legal process, such as to comply with any court order or subpoena or to respond to any government or regulatory request.
  • If we believe disclosure is necessary or appropriate to protect the rights, property, or safety of Bubadu, our customers or others, including to:
    • protect the safety of a child;
    • protect the safety and security of the App/Service; or
    • enable us to take precautions against liability.
  • To law enforcement agencies or for an investigation related to public safety.

If Bubadu is involved in a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of Bubadu’s assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding or event, we may transfer the personal information we have collected or maintain to the buyer or other successor.

Accessing, Reviewing and Correcting Your Child’s Personal Information

You have the right to review, access and correct any information that we hold about your child. Please see the section ‘Right to access data portability, copy and rectification’ of this Policy for more information.

Who receives or maintains Information from Children

A list of all Providers that may collect or maintain personal information from children through the App/Service is available within the ‘Third Party Service Providers’ section. Please direct inquiries about any third-party operator’s privacy practices and use of children’s information through the contact information provided within their privacy policy.

Deleting Your Child’s Personal Information

You have the right to request deletion of the Information that we hold about you or your child. You can delete all Information by uninstalling all the Apps. The Information will be automatically deleted as described within the section “Storing, transfer, retention and deletion of the data”.

Requesting to stop collection/use of your child's Information

You have the right to request to stop the collection/use of your child's Information. You can restrict the processing used for contextual advertising by choosing the ’Remove Ads’’ option within your in-App settings and buying the ‘No ads’ subscription or by buying the App feature that includes the ‘Remove ads’ option’ or subscribing to a VIP subscription.

Kids Privacy Assured by PRIVO: COPPA Safe Harbor Certification

Bubadu d.o.o. is a member of the PRIVO Kids Privacy Assured COPPA Safe Harbor Certification Program (“the Program”). The Program certification applies to the digital properties listed on the validation page that is viewable by clicking on the PRIVO seal. PRIVO is an independent, third-party organization committed to safeguarding children's information collected online. The PRIVO COPPA certification seal posted on this page indicates Bubadu d.o.o. has established COPPA compliant privacy practices and has agreed to submit to PRIVO’s oversight and consumer dispute resolution process. If you have questions or concerns about our privacy practices, please contact us at +386 1 7096 060 or [email protected]. If you have further concerns after you have contacted us, you can contact PRIVO directly at [email protected].

COPPA Safe Harbor Certification

IV. WHO HAS ACCESS TO YOUR DATA

We cannot provide all the services necessary for the successful operation of our Apps by ourselves. We therefore engage third party service providers (“Providers”) and enable them to collect some Information from you. We strive to obligate our Providers to comply with this Policy, but we cannot provide any guarantee on their behalf. We adhere to the generally accepted industry practices regarding the collection and usage of Information by our Providers and strive to limit their usage to the services they provide for us. We have entered into Data Processing Agreements with our Providers to make sure your data is safe.

When using third party services, you adhere to their data processing practices, as defined in their privacy policies available below. We encourage you to read the privacy policies before using such services. You recognize and agree that Bubadu is not liable for the Provider’s terms and conditions and their use of your Information. If you for example click on the ad within our App and get redirected to a third-party site, your data processing will be governed by such third party provider’s terms and privacy policy. For more information on the third party provider data processing practices, please read their privacy policies.

By voluntarily signing into Providers’ functionalities within our App, you allow the usage of your data to such third parties.

PAYMENT PROVIDERS

In-App purchases. Our Apps enable in-app purchases. We do not process payments for in-app purchases nor have access to your credit card information. Payment transactions for in-app purchases are completed through the app store via your app store account. Any post-purchases are controlled by the selected app store and are subject to specific terms of such app store. Please review the privacy policy and terms of service of your app store.

In order to make a purchase you must use our third party checkout options to finalize and pay for your order. In-app purchases may be made only upon entering the app store password and you are responsible for maintaining the security of such password. Your authentication and security maintenance is subject to specific terms of the selected app store and the OS of your mobile device. You should be aware of the iOS 15-minute and Android 30-minute window after the payment downloading of an Application, during which in-app purchases may be made without inserting an in-app store password.

Apple App Store. If you choose to use the App Store to finalize and pay for your order, you will provide your credit card number directly to Apple. Apple's Privacy Policy will apply to the information you provide to Apple, available here http://www.apple.com/legal/privacy/.

Amazon. If you choose to use Amazon to finalize and pay for your order, you will provide your credit card number directly to Amazon. Amazon's Privacy Policy will apply to the information you provide to Amazon, available here https://www.amazon.in/gp/help/customer/display.html?nodeId=202136010.

Huawei AppGallery. If you choose to use the Huawei AppGallery, please read their User Agreement and Privacy Statement available here https://privacy.consumer.huawei.com/legal/hiapp/terms.htm?country=DE&branchid=1&language=en_GB, and https://privacy.consumer.huawei.com/legal/hiapp/privacy-statement.htm?country=DE&branchid=2&language=en_GB.

Google Play. If you choose to use Google Play by Google Inc., please read their Privacy Policy (https://policies.google.com/privacy) and Terms of Service (https://play.google.com/intl/ALL_uk/about/play-terms/).

APP MARKETPLACES

You can find our Apps on different marketplaces.

App Store. If you choose to use the App Store from Apple Inc., please read the Apple Customer Privacy Policy (https://www.apple.com/legal/privacy/) and Terms of Use (https://www.apple.com/legal/internet-services/terms/site.html).

Google Play. If you choose to use Google Play by Google Inc., please read their Privacy Policy (https://policies.google.com/privacy) and Terms of Service (https://play.google.com/intl/ALL_uk/about/play-terms/). 

Huawei AppGallery. If you choose to use the Huawei AppGallery, please read their User Agreement and Privacy Statement available here https://privacy.consumer.huawei.com/legal/hiapp/terms.htm?country=DE&branchid=1&language=en_GB, and
https://privacy.consumer.huawei.com/legal/hiapp/privacy-statement.htm?country=DE&branchid=2&language=en_GB.

Amazon Appstore. If you choose to use Amazon Appstore by Amazon.com Services LLC, please read Amazon Appstore for Android Terms of Use (https://www.amazon.com/gp/help/customer/display.html?nodeId=201485660) and Amazon.com Privacy Notice (https://www.amazon.com/gp/help/customer/display.html?nodeId=GX7NJQ4ZB8MHFRNJ).

ADVERTISING PROVIDERS

We use third party ad network providers (“Advertising providers”) to show ads within our Apps and Services. We select Advertising Providers attentively to maintain compliance with applicable privacy laws hence we only allow the display of contextual advertisements that are child directed within our Apps. Furthermore, we flag to Advertising Providers that users of our Apps fall into the child directed to ensure our Advertising Providers can comply with child protection legislation, namely COPPA restrictions in the US territory. This means they are allowed to use your Information (if any) solely for the purposes of internal operations and contextual advertising but are prohibited from contacting a user, including through behavioral advertising; to amass a profile on a user or use the Information for any other purpose.

Our Advertising Providers are allowed to use the Information collected through the SDK to provide contextual advertisements, conduct ad mediation, support internal operations and improve their products by conducting research and analysis with the use of advertising information to understand and optimize how the advertisements are used. Our Advertising Providers may use cookies and other web-tracking technologies to collect non-personal information in case the user clicks on any of their advertisements.

We have contracted with certain third party advertising networks that assist us in delivering advertising to you.

US territory. We show ads with COPPA settings for the US territory enabled, meaning that the Advertising Providers are obligated to comply with COPPA restrictions as stated herein. If you are a California or Virginia resident you can learn about your rights in the ‘Your Rights’ section of this Policy.

EEA territory. For the purposes of compliance with European data processing legislation, such as the General Data Protection Regulation (the “GDPR’), we have entered into Data Processing Agreements with Advertising Providers and provide the possibility for users to exercise their GDPR rights (see section ‘Your rights’). Some of our Advertising Providers store or transfer data outside EEA. The data is transferred to countries with a current determination of adequacy, such as the EU-US Data Privacy Framework (DPF) and similar adequacy decisions between countries, adhering to Binding Corporate Rules, Standard contractual clauses approved by the European Commission or other appropriate safeguards to protect the transfer of the data,

List of Advertising Providers that we engage:

Kidoz. Kidoz is the leading COPPA & GDPR compliant contextual mobile advertising network. Kidoz SDK, which is integrated into our Apps, is a piece of software that allows us to provide you with customized advertisements designated to children, both in terms of children’s safe content, as well as in terms of data collection. Meaning, that Kidoz will not collect through their SDK any Personal Data without parental consent, except as permitted under applicable law and detailed below. Kidoz does NOT use any Personal Information collected for profiling (e.g., behavioral advertising) or cross device tracking. Kidoz solely serves contextual ads (e.g., if you are interacting with a painting app, they will present advertisements related to painting). In case Kidoz needs to collect any other Personal Information, which is not listed in their privacy policy, Kidoz will ensure parental consent is obtained before doing so, in the event required by applicable law.

Kidoz collects Non-Personal Information: your aggregated usage information and technical information transmitted by your device, including: (i) certain software and hardware information such as type of operating system, type of device, language preference, etc.; and (ii) approximate geo-location (Country), and Personal Information: certain identifiers, such as your Internet Protocol (“IP”) addresses (the addresses of computers on the Internet), or Advertising ID, IDFA (“Identifiers”), if you give the permission. For more information on what data Kidoz collects and how it uses it please read https://kidoz.net/privacy-policies#safe-ad-policy and https://kidoz.net/website-and-kidoz-sdk-privacy-policy.

Google AdMob. AdMob is a mobile advertising subsidiary of Google. AdMob automatically blocks any ad sources that haven’t been self-certified by Google Play from serving ads in apps that are designed specifically for children. For this purpose, we have included a code that calls a specific method for ad requests served to children and specifies the maximum ad content rating. To learn more about Google AdMob please read Google Ads Data Protection Terms (https://business.safety.google/adsservices/). 

Unity Ads. We use Unity Ads ad network provider to show you contextual ads within our App and Services. Since our Apps are child oriented we have sent a signal to Unity which indicates that Unity needs to limit data collection and serve non-personalized ads. For this purpose, Unity has reduced its data collection for its Ads Service. In such instances, they will only collect the Personal Information listed below. Unity collects this Personal Information for internal operations and their legitimate interests in providing the Service to us.

  • IP address is used to provide a compliant experience suitable for your region.
  • Unique Installation-specific ID is used for operational purposes related to the serving of contextual advertisements.

For more information please read Game Player and App User Privacy Policy, https://unity.com/legal/game-player-and-app-user-privacy-policy.
Vungle. We use Vungle as an ad network provider to show you contextual ads within our App and Services. As required by COPPA, Vungle will enable a flag in their system because we have indicated that our Apps are subject to COPPA, meaning that your device history will be disassociated, and the only personal information used by the Vungle Ad Services would be persistent identifiers (e.g., IP address and other identifiers) to provide “support for internal operations” of the Vungle Ad Services (as permitted by COPPA). To learn more about what information Vungle collects through Vungle’s SDK please read their privacy notice https://vungle.com/privacy.

InMobi. InMobi is a mobile marketing platform, owned by InMobi Pte. Ltd., that we use to engage you through contextual mobile advertising. To learn what information InMobi collects and how it uses it please read their privacy policy https://www.inmobi.com/privacy-policy.  InMobi ensures that they do not collect and use information from children’s sites for behavioral advertising (often referred to as interest based advertising).

ironSource. We use the ironSource ad network, owned by ironSource Mobile Ltd., in order to show you contextual ads within our Apps and Services. ironSource uses and shares the data that they collect (including the advertising ID if obtained based on your permission and IP address) from a child-directed app only to serve contextual ads, for frequency capping, for fraud prevention, and for other activities to support our internal operations or the internal operations of the app, as permitted by the COPPA and other applicable regulations. ironSource supports Google Play’s “Designed For Families” program requirements for publishers who have followed the ironSource Designed for Family SDK Functionality instructions. ironSource will not share persistent identifiers with third party external bidders such as DSPs, SSPs, exchanges, and marketplaces, except if specifically directed by us for support for internal operations as defined by the COPPA. For more information please read https://developers.ironsrc.com/ironsource-mobile/air/ironsource-mobile-privacy-policy.

SuperAwesome: SuperAwesome Trading Limited (“SuperAwesome”) is a provider of kid-safe advertising services that are designed specifically for the compliance requirements of younger audiences, including those aged under 13. SuperAwesome places contextual advertising on applications without collecting any personally identifiable information, including persistent identifiers. SuperAwesome is certified as COPPA-compliant by the kidSAFE Seal Program, an FTC-Approved COPPA Safe Harbor Program. Please go to www.kidsafeseal.com for more information. SuperAwesome is a valid licensee, and participating member, of the Entertainment Software Rating Board’s Privacy Certified Program (“ESRB Privacy Certified”). To protect your privacy, SuperAwesome has voluntarily undertaken this privacy initiative, and its services have been reviewed and certified by ESRB Privacy Certified to meet established online information collection, use and disclosure practices. As a licensee of this privacy program, SuperAwesome’s services are subject to frequent audits and other enforcement and accountability mechanisms administered independently by ESRB Privacy Certified. SuperAwesome also provides advertising services in compliance with the General Data Protection Regulation (EU 1996/679). Adopting an approach of ‘privacy by design and by default’, SuperAwesome utilises proprietary technologies so that it neither collects, stores nor shares your personal data to provision advertisements or target advertising to you. You may contact SuperAwesome directly at [email protected] on + 44 203 668 6677, or by post: Privacy Team, SuperAwesome Trading Limited, 22 Long Acre, London WC2E 9LY, United Kingdom.

Gravite. Gravite, owned by AddApptr Gmbh, Registered in the Handelsregister at Amtsgericht Hamburg as HRB 124705, Germany, it's an advertising platform that we use to serve ads. For more information please read https://gravite.net/data-privacy.

VDO.AI. VDO.AI operates as a global advertising technology innovator that we use to serve ads. For more information please read https://www.vdo.ai/legal.

Mintegral. Mintegral, owned by Mintegral International Limited, is a global mobile advertising platform, providing user acquisition, monetisation and creative solutions for advertisers and mobile publishers. Mintegral's COPPA solution is designed so that any persistent identifiers collected about you are processed according to the requirements of COPPA and not used to serve behaviorally-targeted ads or track users for such purposes. In addition, Mintegral will not knowingly collect any other personal information under COPPA (such as the precise geolocation of your device) from you. For more information about kids safety please read https://www.mintegral.com/en/blog/mintegral-passes-kidsafe-coppa-seal-annual-audit. To learn about what information Mintegral collects and how it uses it, please read Mintegral's privacy policy https://www.mintegral.com/en/privacy#privacy-policy-of-the-mintegral-services.

Petal ads. Petal Ads is an ads platform provided by Aspiegel SE, a subsidiary of Huawei incorporated in Ireland, that we use to serve ads on HUAWEI apps. The Aspiegel SE and Petal Ads participate in the IAB Europe Transparency & Consent Framework and comply with its Specifications and Policies. Aspiegel's identification number within the framework is 856. Aspiegel also operates a private Consent Management Platform with the identification number 386, which is used by different Huawei Mobile Services apps provided by Aspiegel. Aspiegel collects and uses the following personal data for the purposes of Petal Ads. Please read Statement About Petal Ads and Privacy https://privacy.consumer.huawei.com/legal/ads/privacy-statement.htm?&code=EU&language=en-us&branchid=0&contenttag=default and Statement About HUAWEI ID and Privacy for more information.

Digital Turbine. Digital Turbine, owned by Digital Turbine, Inc. is an advertising platform that we use to show you ads within our Apps. Digital Tribune collects device and other IDs and uses this information for the purposes of analytics, fraud prevention, security and compliance and to serve non-personalised advertising. For more information please read DT Privacy Notice (https://www.digitalturbine.com/dt-clients-privacy-policy/#_heading=h.17dp8vu) and Privacy documents available at https://developer.digitalturbine.com/hc/en-us/sections/360002877558-Privacy.

ANALYTICS PROVIDERS 

Google Analytics 4 (GA4F). We use Google Analytics for Firebase (GA4F) SDK and Big Query to collect data on the usage of our Apps. We use your data only for the purposes of our internal analytics to improve our Apps and we do not allow sharing of your data with other parties and their products or services.

GA4F collects the following information through the default implementation: number of users, session statistics, approximate geolocation, browser and device information. See a full list of the default events and user properties collected by GA4F. GA4F also collects enhanced measurement events (when enabled) from web data streams and in-app purchases from app data streams.

GA4F SDK automatically generates and assigns a Firebase Installation ID (the “Installation ID) to each instance of our App. GA4F uses the Installation ID to identify unique installations of our App and compute your metrics. Learn more about the app-instance ID. GA4F uses Installation IDs to track particular audiences. Data associated with Installation IDs is generally not personally-identifying, but is associated with a device and used to identify the same device, and events the device performs.

The SDK collects identifiers for mobile devices (for example, Android Advertising ID and Advertising Identifier for iOS) based on your consent and uses technologies similar to cookies.

On iOS, the SDK collects the Advertising Identifier (IDFA) if it is available. On Android, the SDK collects the Advertising ID by default based on your consent. If the Advertising ID is not available it will collect Android ID (SSAID). Any attempts to access the identifier will receive a string of zeros instead of the identifier.

GA4F does not log or store individual IP addresses. GA4F does provide coarse geo-location data by deriving the following metadata from IP addresses: City (and the derived latitude, and longitude of the city), Continent, Country, Region, Subcontinent (and ID-based counterparts). For EU-based traffic, IP-address data is used solely for geo-location data derivation before being immediately discarded. It is not logged, accessible, or used for any additional use cases.

When GA4F collects measurement data, all IP lookups are performed on EU-based servers before forwarding traffic to GA4F analytics servers for processing.

To get more information about how your data is being collected and processed you can visit the site “How Google uses data when you use our partners’ sites or apps located at https://policies.google.com/technologies/partner-sites.

Firebase relies on Standard Contractual Clauses approved by the European Commission which are incorporated into contracts for relevant data transfers.

Google Big Query. We can draw and analyse data from Firebase Analytics using Google BigQuery. For more information, please see Google Service Specific Terms

Singular. We use Singular, owned by Singular Labs, Inc. as a Marketing Analytics and Attribution provider. In order to provide the services to us, they process some personal information. They do this as a data processor (also known as a service provider) on our behalf and under our instructions.

Generally, Singular processes personal data regarding the behavior and usage patterns of our end-users of mobile applications and other mobile properties operated by us. Subject to our discretion, the personal data processed by Singular can include, among others, your IP address, Android device ID (App Set ID), iOS device ID (IDFV) carrier user “ID”, and geo-location information. For more info please read their privacy policy https://www.singular.net/privacy-policy/.

STORAGE PROVIDERS

Digital Ocean

We use Digital Ocean services to store the data on their servers based in the US. DigitalOcean is committed to protecting your information. To do so, they employ a variety of security technologies and measures designed to protect information from unauthorized access, use, or disclosure. The measures they use are designed to provide a level of security appropriate to the risk of processing your personal data.

For more information on DigitalOcean’s security controls, please see the following resources:

With respect to Personal Data of Data Subjects located in the EEA, Switzerland, or the United Kingdom that Bubadu transfers to DigitalOcean or permits DigitalOcean to access, we have agreed that by executing the DPA they also execute the Standard Contractual Clauses, which will be incorporated by reference and form an integral part of the DPA.

For more information, please see https://www.digitalocean.com/legal/privacy-policy,  https://www.digitalocean.com/security/gdpr/.

Webserver Providers

We use third party Webserver Providers, namely Cloudflare to store your IP address for the purposes of security to help us detect and prevent fraudulent activity. These services may collect your information when you use our services, web applications, and APIs. The information may include but is not limited to IP addresses, traffic routing data, system configuration information, and other information about traffic to and from our Apps (collectively, “Customer Logs”). The Webserver Providers collect and use Customer Logs to operate, maintain, and improve their Services for the purpose of providing security. For example, Customer Logs can help us detect new threats, identify malicious third parties, and provide more robust security protection for our services. Where Webservers Providers use information collected from Resolver Users to operate and improve the Cloudflare Resolver, such as to assist us in our debugging efforts if an issue arises, they will not combine the information collected from DNS queries with any other data in any way that can be used to identify individual end users. Cloudflare is a data processor for Customer Logs, and processes such information based on our instructions, meaning that Bubadu is the controller of such data. Some of the Webserver Providers store or transfer data outside EEA. Whenever a Cloudflare company transfers personal information originating in the EEA, the UK, or Switzerland with another member of the Cloudflare group or a third party service provider or partner outside the EEA, the UK, or Switzerland, they will implement appropriate safeguards, consistent with the laws of the territory from which the data is exported. For example, where transfers are made from the EEA, we rely on the EU standard contractual clauses, including supplementary measures as necessary. Please see these providers' privacy policies for more info: https://www.cloudflare.com/privacypolicy.

VIDEO SHARING PROVIDERS

YouTube. We use YouTube, owned by Google LLC, to share and show videos about our Apps on our website (https://bubadu.com/). Our YouTube channel is set as Made for Kids, this limits data collection when you watch our videos and prevents personalised adverts being shown. For more information please read Google’s Privacy Policy (https://policies.google.com/privacy?hl=en-GB).

If you have chosen to block third-party cookies via your browser, cookies will not be stored on your device.

Most third-party cookies can be blocked by activating the setting on your browser that allows you to refuse the setting of all or some cookies. Some people prefer not to allow cookies, which is why most browsers give you the ability to manage cookies to suit you. For more information on how to modify your browser settings or how to block, manage, delete or filter cookies can be found in your browser’s help file or through such sites as: https://www.aboutcookies.org.uk/.

V. YOUR RIGHTS

We have adhered to the data minimization principle and we only collect the data we need for our processing purposes as described above in the section ‘The data we collect’. To protect your privacy we use identifiers when processing your Information and pseudonymize the data on our end when stored in our servers. You can exercise your rights by sending an email to [email protected] We will also outline further options to exercise your rights in the respective sections below. 

You have – partly under certain conditions – the following rights in connection with your Information:

RIGHT TO WITHDRAW YOUR CONSENT

Where the processing of your data relies on your prior consent, you have the right to withdraw your consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on your consent before its withdrawal.

OPTING OUT OF NOTIFICATIONS

You can change notification preferences within your App, by clicking the settings icon and toggling/untoggling the button within the ‘Notifications’ option.

You can deactivate local notifications by changing the notification settings in accordance with the instructions of the operating system running on your device.

iOS: You will be asked to accept or refuse local notifications after the App is downloaded. If you do not accept, you will not receive local notifications. Please note that if you accept, some mobile phones will allow you to disable notifications later on by using the settings on your mobile phone. To manage notifications on your mobile phone please follow these instructions: Open your Settings menu and tap “Notifications”; Find the Application; Tap on the icon of Application; Manage the “Notifications” option by sliding it OFF or ON.

Android: After an Application is downloaded, you will automatically receive local notifications. Some of our Apps offer disabling local notifications by entering the homepage of the App and choosing the “Settings” option. Here, local notifications can be disabled by choosing the uncheck option ‘’0’’. For other Apps, your local notification can be disabled within your mobile phone settings.

OPT OUT OF ADS

You can opt out of ads being displayed by choosing the ‘’Remove Ads’’ option within your in-App settings and paying the ‘No ads’ fee or by buying the App feature that includes the ‘Remove ads’ option’ or subscribing to a ‘VIP subscription’.

OPT OUT OF THIRD PARTY PROVIDERS

You are always free to opt out of the information collection by Third Party Providers by not logging in or using their services. Please note that you cannot opt out of Providers, that we use to offer you the Services, for example, Storage Providers. If you don’t agree with such usage please don’t use our Services.

RIGHT TO OBJECT AND TO RESTRICTION OF PROCESSING

You have the right to object to the processing and the right to restrict the processing of your personal data.

When you use our free App version you have the right to object to data processing for advertising by choosing the option ‘’Remove Ads’’ within your in-App settings and paying the ‘No ads’ fee or by buying the App feature that includes the ‘Remove ads’ option’ or subscribing to a VIP subscription. When you choose this option we disable any future third party advertising and stop sharing and using your data for advertising.

Should you not feel comfortable with us using your Information for internal analytics purposes in order to improve our Apps, you can exercise your right to object by uninstalling all the Apps from each of your devices which will also delete all related Information. Analytics Identifier namely Firebase installation ID, can be deleted by clearing the App data or reinstalling the App, meaning that any information linked to the identifier will be deleted and you will receive a new identifier the next time you use the App.

RIGHT TO ACCESS, DATA PORTABILITY, COPY AND RECTIFICATION

You have the right of access to your personal data, which includes the right to obtain confirmation from us as to whether or not personal data concerning you are being processed by us and, where that is the case, access this personal data and further information such as the purposes of the processing and receive a copy of the personal data in question. We will try to respond to any request as soon as possible, but we will do so within 1 month of receipt of your request. If we need to acquire your data from a third party, this might take longer – in this case, we will duly inform you.

Furthermore, you have the right to request the rectification of inaccurate personal data and, taking into account the purposes of the processing, the completion of your incomplete personal data.

You have the right to data portability, i.e. to receive your data in a structured, common and machine-readable format and to transmit it or have it transmitted to another data controller.

RIGHT TO ERASURE

You have the right to request deletion of your Information. Should you wish to terminate our Services or delete Information that you have shared with us, please uninstall all our Apps.

The logs with your data are automatically deleted from our server within one (1) month. Backup logs are then deleted after another one (1) month.

RIGHT TO FILE A COMPLAINT WITH A SUPERVISORY AUTHORITY

Should you have any data processing or privacy related questions, please contact our DPO, Primož Furlan by sending an email to: [email protected] (subject 'DPO''). Should you have any concerns or complaints our DPO is not able to solve, you have the right to lodge a complaint with a supervisory authority, Informacijski pooblaščenec, Zaloška cesta 59,

Ljubljana, Slovenija by sending an email to [email protected].

CALIFORNIA RESIDENCE PRIVACY INFORMATION (CCPA RIGHTS)

If you are a California resident, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPR) requires us to provide you with some additional information regarding your rights with respect to your “personal information”.

We may transfer your personal data to third party providers in order to achieve the purposes of the processing listed in the section “How we use your data” above. Third party providers act as service providers (data processors on our behalf) meaning that they are not allowed to use your data for their own purposes. Please see the section “Who has access to your data” to learn about what third party processors we use. 

Bubadu may collect the following CCPA categories of personal information from you based on the Services you use:

Category Examples Collected
A. Identifiers. A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver’s license number, passport number, or other similar identifiers. YES
B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)). A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information.
Some personal information included in this category may overlap with other categories.
NO
C. Protected classification characteristics under California or federal law. Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information). NO
D. Commercial information. Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. NO
E. Biometric information. Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data. NO
F. Internet or other similar network activity. Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement. YES
G. Geolocation data. Physical location or movements. NO
H. Sensory data. Audio, electronic, visual, thermal, olfactory, or similar information. NO
I. Professional or employment-related information. Current or past job history or performance evaluations. NO
J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)). Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records. NO
K. Inferences drawn from other personal information. Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes. NO

We may transfer your personal data to third party processors in order to achieve the purposes of the processing listed in ‘How we use your data’ above, but only with the third-party processors with whom we have a data protection agreement in place. A full list of our third-party processors can be found in section ‘Third Party Services Providers’. We may also share your personal information by disclosing it to a third party for a business purpose, and for any other purpose with your consent. We only make these business purpose disclosures under written contracts that describe the purposes, require the recipient to keep the personal information confidential, and prohibit using the disclosed information for any purpose except performing the contract. In the preceding twelve (12) months, we have disclosed personal information for a business purpose to the categories of third parties indicated in the chart below.

Personal Information Category Category(ies) of Third-Party Recipients Business Purpose
A: Identifiers. Service providers. To provide our Services to you, perfrom Internal Analytics and Contextual Advertising.
B: California Customer Records personal information categories. None N/A
C: Protected classification characteristics under California or federal law. None N/A
D: Commercial information. None N/A
E: Biometric information. None N/A
F: Internet or other similar network activity. Service providers. To provide our Services to you, perfrom Internal Analytics and Contextual Advertising
G: Geolocation data. None N/A
H: Sensory data. None N/A
I: Professional or employment-related information. None N/A
J: Non-public education information. None N/A
K: Inferences drawn from other personal information. None N/A

CCPA provide California consumers with the following rights (which supplement the rights described above): 

Right to request disclosure of any personal information we collect. This means in particular that you have:

  • the right to request disclosure of the categories of personal information we collected from you, together with the categories of sources from which it was collected (please see above),
  • the purpose of the collection (please see above),
  • the categories of third parties with whom we shared your personal information (please see above), and
  • the specific pieces of personal information that have been collected (please see the section above).

Please see the “Right to access/copy” above to learn how we process your request.

Right to request deletion of any personal information that we collected from you. This means that after we have verified your request to delete your personal information, we shall delete it from our records and direct any service providers to delete your personal information from their records, except when Article 1798.105 (d) CCPA is applicable (e.g. in case the personal information is necessary to provide the Services, to detect security incidents, to identify and repair errors that impair existing intended functionality of the Services, or to comply with a legal obligation).

Please see the section “Right to erasure” above to learn how we process your request.

Right to non-discrimination. We will not discriminate against you for exercising your CCPA rights. This generally means that we will not deny you Services or provide a different level of Service or quality of Services. However, please bear in mind that, if you ask us to delete your data, it may impact your experience with us, and you may not be able to use our Services which require the usage of your personal information to function properly.

Right to Opt-Out of Sale. You have the right to opt out of the sale of your personal information to third parties (as those terms are defined in the CCPA). We have contracted with Providers that offer their services to us as “service providers’ meaning that they do not use the Information that you share for their own purposes and such disclosure does not constitute a sale as per the CCPA definition. We are not selling any information to third parties and we don’t allow tracking by third parties.

VIRGINIA RESIDENCE PRIVACY INFORMATION (VCDPA)

If you are a Virginia resident, the Virginia Consumer Data Protection Act (“VCDPA”) requires us to provide you with some additional information regarding your rights with respect to your “personal information”.

What data do we process?

Consistent with “The Data We Collect" and “How We Use Your Data” sections of this Policy, we may collect certain categories of information about Virginia consumers (“Personal Data”). The section below summarizes the Personal Data we process, the purposes for processing this data, the categories of personal data that we share with third parties, and the categories of third parties that we share the data as specified in the VCDPA. We do not sell personal data to third parties.

Bubadu may collect the following VCDPA categories of personal information from you based on the Services you use: 

Identifiers

We use identifiers as described in the section “The Data We Collect”, namely online identifiers and email addresses.

Purpose of Processing Personal Data

We use this Personal Data to provide our Services to you, and perfrom Internal Analytics and Contextual Advertising as described within the “How We Use Your Data” section.

Categories of Third Parties With Which We Share Personal Data

We share your Personal Data with Service Providers, as described within the “Third Party Services Providers’ section.

Your Rights

Right to Access Personal Data/Correct Inaccurate Personal Data

You have the right to request access to Personal Data collected about you and information regarding the purposes for which we collect it and the third parties and service providers with which we share it. Additionally, you have the right to correct inaccurate or incomplete Personal Information. You may submit such a request by sending us an email to [email protected].

Right to Deletion of Personal Data

You have the right to request in certain circumstances that we delete any Personal Data that we have collected directly from you. You may submit such a request by sending us an email to [email protected]. We may have a reason under the law why we do not have to comply with your request or why we may comply in a more limited way than you anticipated. If we do, we will explain that to you in our response.

Right to Opt Out of Sale of Personal Data to Third Parties

You have the right to opt out of the sale of your Personal Data to third parties (as those terms are defined in the VCDPA). We do not sell your Personal Data to third parties. We have contracted with Providers that offer their services to us as “processors” (as defined with VCDPA) meaning that they do not use the Personal Data that you share for their own purposes, but only in accordance with our instructions.

Right to Portability

You have the right to request a copy of the Personal Data that you previously provided to us as Controller in a portable format. Our collection, use, and disclosure, of Personal Information is described in this Policy.

Right to Opt Out of Targeted Advertising

You have the right to opt-out of targeted advertising based on your Personal Data obtained from your activities over time across websites and applications. We do not perform targeted advertising.

Right to Opt Out of Profiling

You have the right to opt out of having your Personal Data processed for the purpose of profiling in the furtherance of decisions that produce legal or similarly significant effects concerning you. We do not perform Profiling.

Right to Appeal

If we decline to take action on any request that you submit in connection with the rights described in the above sections, you may ask that we reconsider our response by sending an email to the same email box (referenced in the section below) from which you receive the decision. You must ask us to reconsider our decision within 45 days after we send you our decision.

How You Can Exercise Your Rights?

You may submit a request to exercise your rights above by sending us an email to [email protected]. If you choose to send an email, please help us locate your data by including information about the Apps/Services you interacted with when you provided your information.

BRAZILIAN RESIDENCE PRIVACY INFORMATION (LGPD RIGHTS)

If you are a Brazilian resident, Brazilian law requires us to provide you with some additional information regarding your rights with respect to your “personal information” (as defined in the “Lei Geral de Proteção de Dados” (hereinafter the “LGPD”) that came into force on September 18th, 2020).

To find out what categories of your personal information are processed and what are the purposes you can read the sections “What data we collect” and “How we use your data” within this Policy.

We can process your personal information solely if we have a legal basis for such processing. Legal bases are as follows:

  • To comply with a legal or regulatory obligation that lies with us;
  • The carrying out of public policies in laws, regulations, contracts, and other legal instruments;
  • studies conducted by research entities, preferably carried out on anonymized personal information;
  • To perform a contract with the data subject;
  • To exercise rights in judicial, administrative, or arbitration proceedings;
  • To protect the data subject's or a third party's life or physical safety;
  • To protect health exclusively in procedures performed by health professionals, health service providers, or the health authority;
  • When necessary for our legitimate interests of the data subject or third party, except where the data subject’s fundamental rights and freedoms require personal data protection;
  • Your consent to the relevant processing activities;
  • For credit protection.

Your Brazilian privacy rights

You have the right to:

  • obtain confirmation of the existence of processing activities on your personal information;
  • access to your personal information;
  • have incomplete, inaccurate or outdated personal information rectified;
  • obtain the anonymization, blocking or elimination of your unnecessary or excessive personal information, or of information that is not being processed in compliance with the LGPD;
  • obtain information on the possibility to provide or deny your consent and the consequences thereof;
  • obtain information about the third parties with whom we share your personal information;
  • obtain, upon your express request, the portability of your personal information (except for anonymized information) to another service or product provider, provided that our commercial and industrial secrets are safeguarded;
  • obtain the deletion of your personal information being processed if the processing was based upon your consent, unless one or more exceptions provided for in art. 16 of the LGPD apply;
  • revoke your consent at any time;
  • lodge a complaint related to your personal information with the ANPD (the National Data Protection Authority) or with consumer protection bodies;
  • oppose a processing activity in cases where the processing is not carried out in compliance with the provisions of the law;
  • request clear and adequate information regarding the criteria and procedures used for an automated decision; and
  • request the review of decisions made solely on the basis of the automated processing of your personal information, which affects your interests. These include decisions to define your personal, professional, consumer and credit profile, or aspects of your personality.

You will never be discriminated against, or otherwise suffer any sort of detriment if you exercise your rights.

How to file your request

You can file your express request to exercise your rights free from any charge, at any time, by using the contact details provided in this Policy, namely by sending an email to [email protected].

How and when we will respond to your request

We will strive to promptly respond to your requests.

In any case, should it be impossible for us to do so, we’ll make sure to communicate to you the factual or legal reasons that prevent us from immediately, or otherwise ever, complying with your requests. In cases where we are not processing your personal information, we will indicate to you the physical or legal person to whom you should address your requests if we are in the position to do so.

You will also need to let us know whether you want us to answer your request immediately, in which case we will answer in a simplified fashion, or if you need a complete disclosure instead.

In the latter case, we’ll respond within 15 days from the time of your request, providing you with all the information on the origin of your personal information, confirmation on whether or not records exist, any criteria used for the processing and the purposes of the processing, while safeguarding our commercial and industrial secrets.

In the event that you file a rectification, deletion, anonymization or personal information blocking request, we will make sure to immediately communicate your request to other parties with whom we have shared your personal information in order to enable such third parties to also comply with your request – except in cases where such communication is proven impossible or involves a disproportionate effort on our side.

Transfer of personal information outside of Brazil permitted by the law

As Bubadu is based in Slovenia, we only transfer your data to Slovenia to provide our Services. In addition to that Bubadu uses third party services outlined in the section “Who has access to your data” to transfer data to third countries.

We are allowed to transfer your personal information outside of the Brazilian territory in the following cases:

  • When we offer and provide guarantees of our compliance with the LGPD principles, the data subject's rights, and the data protection regime, in the form of:
    • specific contractual clauses for a particular transfer;
    • standard contractual clauses;
    • binding corporate rules; or
    • regularly issued certificates and codes.
  • When necessary:
    • for international legal cooperation between government intelligence, investigative, and prosecutorial bodies, under international law;
    • to protect the data subject's or a third party's life or physical safety;
    • to execute a public policy or to fulfill a government legal duty;
    • to comply with the controller's compliance with a legal or regulatory obligation;
    • to perform an agreement or preliminary procedures relating to an agreement with the data subject; or
    • to exercise rights in court, administrative, or arbitration.
  • When the ANDP authorizes the transfer.
  • When resulting from a commitment made in an international cooperation agreement.
  • When the data subject has provided specific and distinct consent for the international transfer, clearly distinguishing this from the other purposes.

VI. STORING, TRANSFER, RETENTION AND DELETION OF DATA

RETENTION AND DELETION

We store your information for as long as needed to provide you with our services. We may store it longer, but only in a way that it cannot be tracked back to you.

The logs with your data are automatically deleted from our server within one (1) month. Backup logs are then deleted after another one (1) month.

We will delete Bubadu Identifier stored on our server and any analytics information obtained for cross promotion after 3 days. The Bubadu Identifier will still be stored locally on your device and used for cross promotion if you return using the Apps. Some of your information (Bubadu Identifier and related cross promotion information) may be stored longer in our backup logs where after one (1) month is deleted.

Your IP address used for security purposes and raw data logs will be deleted from our server within one (1) month and it takes one (1) additional month for us to delete backup logs.

Analytics information tied to analytics ID, namely Firebase installation ID is deleted after 180 days after you delete the Apps or send a request to delete such information from Firebase services that use Firebase installation ID. Analytics Identifier namely Firebase installation ID, can be deleted by clearing the App data or reinstalling the App, meaning that any information linked to the identifier will be deleted and you will receive a new identifier the next time you use the App.

App set ID (Android) and IDFA (iOS) identifiers used to perform analytics with Singular are deleted after 60 days and stored longer in an aggregated manner within Singular.

STORING

We use Digital Ocean and Cloudflare for storing information. Please see the section ‘Storage Providers’ for more information.

We store our data on the US territory so we will transfer the data to the US if you are using our Apps elsewhere. Please see section ‘Transfer’ below for more information.

TRANSFER

We provide our Services globally, so we need to transfer your Information to Providers across borders and from your country to other countries around the world. Please note that not all these countries have the same data protection laws as your own country, but we take appropriate steps to safeguard the privacy of your Information.

We will transfer your Information to our Providers only when the transfer is based on one of the following safeguards:

  • to a country with adequate protection, meaning that the country has an adequate level of protection in accordance with European data protection legislation
  • Based on standard contractual clauses (SCC), meaning that we have entered into SCC with Providers, that are adopted by the Commission of the European Union in accordance with European data protection legislation
  • Other appropriate safeguards, such as approved certification mechanisms like privacy shield frameworks

VII. SECURITY

We follow generally accepted industry standards and internal procedures to protect the information submitted to us, both during transmission and once we receive it.

The Information is encrypted and password protected and we have integrated commercially reasonable efforts to assure that your Information remains secure when maintained by us, but please be aware that no security measures are perfect or impenetrable.

If you have any questions about the security of our Apps, you can contact us at [email protected]. We have implemented and shall maintain appropriate technical and organizational security measures to protect your data and preserve security and confidentiality.

VIII. GENERAL

CHANGES TO THE PRIVACY POLICY

We may update this Privacy Policy to reflect changes in our information processing practices. We encourage you to periodically review this page for the latest information on our privacy practices. You will be informed about material changes to our data processing practices with local in-app notifications or by other means. You can get acquainted with the changes by reviewing the Privacy Policy link available within the App.

CONTACT AND INFORMATION

Should you have any privacy-related questions, please contact us and our internal DPO, Primož Furlan by sending an email to: [email protected] (subject: DPO) or write to us at the address: Bubadu d.o.o., Bračičeva ulica 21, 1380 Cerknica, Slovenia, Europe.

Should you have any concerns or complaints that our DPO is not able to resolve, you have the right to lodge a complaint with our supervisory authority Informacijski pooblaščenec, Zaloška cesta 59, 1000 Ljubljana, Slovenija by sending an email to [email protected].

Last update: December 2023