Privacy Policy

Last update: Sep, 14, 2023

Your privacy is important to us. By general definition, Personal Data is any information relating to an identifiable person who can be directly or indirectly identifiedusing that information. We want to emphasize that the data we process, whichhas been provided to us by the Partner, is information pertaining to an identifiable person, which, however, can NOT beidentified directly or indirectly by the use of this information.  

This privacy policy:

  • Provides anover view of how we collect and processes your personal data, and informs you about your rights under the EU General Data Protection Regulation (“GDPR”)
  • Contains important information about, among others, the collection and use of personal data; the legal grounds for the processing of that data; disclosures of that personal data to third parties

Please read this privacy policy carefully and make sure you fully understand and agree with it, before you access or use any of our services.

Definitions and Interpretation

In this privacy, the following definitions are used:

“We”“Us” and “Our” means:

Then Grow System (hereinafter also referred to as the “ nGrow ”) – it is a set of cloud services, which includes server hardware and a software package, built using web technologies and ensuring popularization of the products and servicesby performing marketing activities, activities within the framework of personalization and or customer lifecycle management, as well as other generated activities.

The SaaS (Software as a Service) is a model for granting access to the nGrow System to the commercial companies that have entered intoservice agreements with us (hereinafter referred to as "Partners") by browsers or other programs using web protocols. 

All rights for the nGrow belongs to nGrow, Inc. registered in the Delaware state, having its registered office at 2093 Philadelphia Pike, Claymont, Delaware, 19703, US

 “You”, “your” or “data subject” means:

The Partner’s Client is any individual or legal entity registered in the Partner’s mobile application, which receives information about the Partner’s products/services and marketing activities using the Partner’s mobile application, or places an order for products/ services in the Partner’s mobile application, or participates in marketing activities, activities within the framework of personalization and or customer lifecycle management, as well as other activities generated using the nGrow System.

Processing mean the handling of your personal data by us, including collecting, protecting and storing your personal data. We use only the data required for nGrow to work, the rest (redundant) data will be deleted and/or will not be interpreted.

Our Data Protection Principles

We adhere to the principles relating to processing of personal dataset out in the GDPR which require personal data to be:

  • Processed law fully, fairly and in a transparent manner (Lawfulness, Fairness andTransparency)
  • Collected onlyfor specified, explicit and legitimate purposes (Purpose Limitation)
  • Adequate,relevant and limited to what is necessary in relation to the purposes for whichit is Processed (Data Minimisation)
  • Accurate and where necessary kept up to date (Accuracy)
  • Not kept in aform which permits identification of data subjects for longer than is necessary for the purposes for which the data is Processed (Storage Limitation)
  • Processed in amanner that ensures its security using appropriate technical and organisational measures to protect against unauthorised or unlawful processing and against accidental loss, destruction or damage (Security, Integrity andConfidentiality)
  • Not transferred to another country without appropriate safeguards being in place (TransferLimitation).
  • Made available todata subjects and data subjects allowed to exercise certain rights in relationto their Personal Data (Data Subject's Rights and Requests)
  • We are responsible for and must be able to demonstrate compliance with the dataprotection principles listed above (Accountability)

1. Data Controller

1.1 This privacy policy applies where we are acting as a data controller with respect to your personal data and therefore determine the purposes and means of the processing of that personal data.

2. How We Collect Data

2.1 We obtain  data mainly through any information provided by third party (the Partner). Below is a list of ways in which we collect  data.

Data collected via third parties including our business partners, contractors and/or vendors in a manner that is permitted.

Link to privacy policy of third party service providers used by the nGrow:

  • Firebase
  • Devtodev
  • Amplitude
  • Mixpannel
  • Braze
  • OneSignal

3. Personal Data We Use, Purposes and Legal Grounds

We may collect the following personal data from you. We will only process your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

Type of information

Purpose

Legal basis of processing

Data about your use of Partner’s  products/services and marketing activities using the Partner’s mobile  application, or places an order for products/services in the Partner’s  mobile application, or participates in marketing activities, activities  within the framework of personalization and/ or customer lifecycle  management, as well as other activities generated using the nGrow System.

Geographical  location, app version, operating system, install source and timing, length of  visit, page views, app navigation paths, timing, frequency, pattern of your  service use.

To analyse the operation of Partner’s Service.

Performing the contract we have with a Partner.

Transaction data

The transaction  data and the order details.

To analyse the operation of Partner’s Service.

Performing the contract we have with a Partner.

Notification data

Notification  data, push notification sendings, opens, deliveries; APNs, FCM, HMS  push-tokens

The notification data may be processed for the  purposes of sending you the relevant notifications and/or newsletters.

Consent. Performing the contract we have with  you.

Any  of your personal data identified in this policy

Exercise or defence of legal claims, whether in  court proceedings or in an administrative or out-of-court procedure, the  protection and assertion of our legal rights, your legal rights and the legal  rights of others.

Our legitimate interests.

Any of your personal data identified in  this policy

The obtaining or maintaining insurance  coverage, managing risks, or obtaining professional advice.

Our legitimate interests.

4. Information We May Provide to ThirdParties

We may disclose your personal data to the third parties listed below.When we do so, we require those third parties to have appropriate technical andorganisational measures in place to protect your personal data. We will notshare any of your personal data for any purpose other than the purposesdescribed in this privacy policy, nor will we sell your personal data toanyone.

4.1 Any member of our group of companies (this means our subsidiaries,our ultimate holding company and all its subsidiaries) insofar as reasonablynecessary for the purposes, and on the legal bases, set out in this privacypolicy.

4.2 To our insurers and/or professional advisers insofar as reasonablynecessary for the purposes of managing risks, obtaining professional advice, orthe establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure.

4.3 Governmental and regulatory bodies, including law enforcement authorities, in connection with enquiries, proceedings or investigations by such parties or in order to enable nGrow tocomply with its legal and regulatory requirements.

5. Your Data Protection Rights

You have the following rights in terms of the personal data we holdabout you:

The right to be informed

nGrow is publishing this privacy policy to keep you  informed as to what we do with your personal data.

You can ask us for information regarding any  data of yours that we keep at any time. This information concerns, among  other things, the data categories we process, for what purposes we process  them, the origin of the data if we did not acquire them directly from you  and, if applicable, the recipients to whom we have sent your data.

The right to access

This enables you to receive a copy of the  personal data we hold about you and to check that we are lawfully processing  it. You can obtain a copy of your data from us free of charge. If you are  interested in other copies, we reserve the right to charge for the additional  copies.

The right to correction (rectification)

You can request that we correct your data. We  will initiate appropriate measures to keep the data of yours that we  continuously process correct, complete, and up to date, based the latest information  available to us

The right to erasure

(The right to be forgotten)

You can request that we delete your data  provided the legal requirements have been met. In accordance with Article 17  the GDPR, this can be the case if:

  • the data are no  longer required for the purposes they were acquired or otherwise processed
  • you revoke your  consent, which is the basis of the data processing, and there is no other  legal basis for the processing
  •  you object to  the processing of your data and there are no legitimate reasons for the  processing or you object to data processing for the purposes of direct  advertising
  • the data have  been processed illegally

Where the processing is not necessary:

  • To ensure  adherence to a legal obligation that requires us to process your data
  • In particular  with regard to legal retention periods
  • To assert,  exercise or defend against legal claims

The right to restrict processing

You can request that we restrict the processing  of your data if:

  • You dispute the  correctness of the data - for the period of time we need to check the  correctness of the data
  • The processing  is illegal but you do not wish to have your data deleted and request a  restriction of use instead
  • We no longer  need your data, but you need them to assert, exercise or defend against legal  claims
  • You have filed  an objection to the processing, though it has not yet been decided whether  our legitimate grounds outweigh yours

The right to data portability

At your request, we will transfer your data–  where technically possible – to another responsible entity.

However, this right only applies if the data  processing is based on your consent or is required to fulfill a contract.  Instead of receiving a copy of your data, you can ask us to send the data  directly to another responsible entity that you specify.

The right to object

You can object to the processing of your data  at any time for reasons that arise from your special situation provided the  data processing is based on your consent or our legitimate interest or that  of a third party. In this case, we will no longer process your data. The  latter does not apply if we are able to prove there are compelling,  defensible reasons for the processing that outweigh your interests or we  require your data to assert, exercise or defend against legal claims.

The right to withdraw consent

Withdraw the consent you gave us with regard to  the processing of your personal data for certain purposes, such as to allow  us to promote our products and services to you.

The right to complain

nGrow takes your rights very seriously. However, if  you are of the opinion that we have not dealt with your complaints  adequately, you have the right to submit a complaint to the data privacy  protection authorities responsible.

We endeavour to address all of your requests promptly. For more information regarding your rights over Personal Data, you should contact maratz@ngrow.ai. In order to exercise your rights, you should submit a request to maratz@ngrow.ai.

6. International Transfers of YourPersonal Data

6.1  nGrow we will impose the same data protection safeguards that we deploy inside the EEA to ensure that your personal data areal ways protected, uses standard contract clauses approved by the European Commission or other suitable safeguard to permit data transfers from the EEA toother countries. Standard contractual clauses are commitments between companiestransferring personal data, binding them to protect the privacy and security of Client’s Personal Data. The information that we request will be retainedon our server on address aws.amazon.com

7. Retaining and Deleting Personal Data

7.1 We will keep your personal data for as long as is necessary forthe purpose for which we initially collected them. Once such period has ended,we will keep your personal data for the longest of the 24 hours.

7.2 Once the retention period of your personal data lapses, we will ensure that your personal data are securely destroyed.

8. Confidentiality and Security

8.1 We deploy various security measures such as encryption and authentication tools in line with the current state of the art to protect andmaintain the security, integrity and availability of your personal data.

8.2 100% protection against unauthorised access in the case of data transfers across the internet or a website cannot be guaranteed, but we and ourservice providers and business partners do our utmost to protect your personaldata in line with the prevailing data protection legislation by means ofphysical and electronic physical precautions. Among other things, we use thefollowing measures:

  • Strict criteriafor authorisation to access your personal data on a “need-to-know” basis onlyand exclusively for the specified purpose
  • Transfer of acquired data in secured form
  • Storage of confidential data in secure server on address aws.amazon.com
  • Firewallsafeguarding of IT systems to provide protection against unauthorised access
  • Continuous monitoring of access to IT systems to detect and prevent the misuse of personal data

8.3 Integration via Google Firebase Analytics:

  • Data (events, properties, push_tokens, user_ids, etc.) does not leave the Google Cloud infrastructure
  • Data might be transferred between data centers within the Google Cloud due to the nature of cloud infrastructure services:
Data might be transferred between data centers within the Google Cloud due to the nature of cloud infrastructure services

8.4 Integration via Amplitude, Mixpanel, Adjust, etc:

  • Data (events, properties, push_tokens, user_ids, etc.) is encrypted upon transferring with SSL certificates
  • Data does not leave AWS Cloud during processing:

9. Changes to this privacy policy

9.1 We may update our Privacy Policy from time to time. Thus, you are advised to review this page periodically for any changes. These changes areeffective immediately after they are posted on this page.

10 Contacts

11.1 If you have any questions or suggestions about our PrivacyPolicy, do not hesitate to contact us at maratz@ngrow.ai.

11. Children's Privacy

11.1. These Services do not address anyone under the age of 6. We do not knowinglycollect personally identifiable information from children under 6. In thecase we discover that a child under 6 has provided us with personal information, we immediately delete this from our servers.

11.2. If you are a parent or guardian and you are aware that your child has provided us with personal information, please contact us maratz@ngrow.ai so that we will be able to do necessary actions.

12. Service Providers

12.1 We may employ third-party companies and individuals due to thefollowing reasons:

  • To facilitate our Service
  • To provide the Service on our behalf
  • To perform Service-related services
  •  To assist us inanalyzing how our Service is used

12.2 We want to inform you that these third parties have access toyour Personal Information. The reason is to perform the tasks assigned to themon our behalf. However, they are obligated not to disclose or use the information for any other purpose. This function is used by the Service using third-party services, such as Devtodev located at https://www.devtodev.com.