Effective: July 1, 2021
PART I. GENERAL INFORMATION AND KEY TERMS.
Who we are? How the Bragona Services work?
Bragona Technologies (“Bragona”, “we”,”us”) respects your privacy and wants you to be informed about what we do. Bragona is a software-as-a-service company based in Dubai, the UAE. We design data analytics and graphic information representation products and tools (the “Bragona Services”), accompanied by additional services, such as: customization, optimization, training and educational events, community building and networking, legal services (“Additional Services”) that are based on information and data received from our customers that are individual entrepreneurs and, legal entities (“Customers”), and their corporate clients (“Clients”). We collect the aforesaid information and data on Customers digital properties, such as Customers’ websites, mobile applications, third-party applications integrated with the Bragona Services (“Customer Sites”). Another source of such data and information is the Bragona Services dashboard where Customer might enter its personal information by filing the relevant boxes in its account.
This Service Privacy Notice (this ”Notice”) explains who we are and how we collect, process, share, and use personal information about you when: (i) you use the Bragona Services as an authorized end-user under our Customer’s account (“Authorized User”); or (ii) you interact with any of the Customer Sites that use the Bragona Services indirectly, via an intermediary (“End User”). We also include information about how you can exercise your privacy rights. “You” or “your” may be a Client and/or Customer depending on the context.
During the provision of our services, Bragona needs to collect and process information pertaining to Customer, Customer Data, and Clients. Our machine learning platform uses this information to form a graphical illustration of analyzed data by creating graphs, charts, images and videos (collectively, the “Analytical Results”). This information is also used to verify each Authorized User and each End User among staff members of our Customers and their Clients. The aforesaid information and data are transmitted to us through our Application Programming Interfaces (“APIs”), emails, letters, telephone calls, text messages, cookies, and conversations when Customers register in our services and work with them.
PART II. WHAT WE COLLECT AND HOW WE USE IT.
- END USERS
Information We collect About End Users
Information provided by our Customers: Our Customers decide the type of Customer Data they wish to send to Bragona for analysis within the Bragona Services. Our solutions and support teams work closely with Customers to assess the utility of the specific Customer Data they send to us. While it will depend on the specific product offering and Customer relationship, the Customer Data that Customers typically send to us through our API integration include:
- Contact details (such as your email address, postal address, phone number, and user login);
- Information about your device (such as your IP address, session ID, mobile/desktop device properties, and metadata);
- Account activity information (such as account login attempts and failures, when you’ve reset your password, and other information about your behavior on a Customer Site, and in the Bragona Services dashboard); and
- Customer Site communication information (such as feedback, messaging, reviews or images you may have provided on or within Customer Sites).
Information we automatically collect when you use Customer Site: As further explained below, we use certain standard tracking technologies to automatically collect certain information about your device when you interact with and use Customer Site. Some of this information (including, for example, your IP address and certain unique identifiers), may identify a particular computer or device and may be “personal data” in some jurisdictions, including the EU. Depending on whether you visit Customer Site via an app or a webpage, the information we collect includes:
- Browser and device information, such as the device type and model, manufacturer, operating system type and version (e.g. iOS or Android), web browser type and version (e.g., Chrome or Safari), user-agent, carrier name/code and country code, time zone, the network connection type, IP address, hardware-based identifiers (e.g. MAC address), host name, device identifiers (such as iOS Identifier for Advertisers (IDFA), Android/Google Advertising ID (AAID or GAID)), canvas fingerprint, characteristics related to emulation or rooted (such as if your device is “jailbroken”), and app name and version. We also collect character set, host name, language, page title and URL, referrer URL, number of fonts, fonts hash, number of plugins, plugins hash, screen height and width, color depth, platform, cookie footprint, maximum touch points, JavaEnabled, session storage, local storage, whether the resolution has been tampered, language or OS, whether ad blocking is enabled, whether do not track is enabled, flash socket IP and flash identifier. The SDK will also collect phone-related metadata (battery level, device properties, carrier name); and
- Information about an End User’s behavior on Customer Site, such as information about the activities on those Customer Sites, session ID, session start/stop time, time zone offset, and location information which may be general location information inferred from your IP address or, in some circumstances, more precise geolocation information based on latitude and longitude coordinates. You may be able to control the collection of location information through particular Customer Sites by changing the preferences on your mobile device.
How We Use End Users information and Legal Bases
Bragona only uses Customer Data to provide, maintain, improve, and develop the Bragona Services and to comply with its legal obligations.
For example, we process Customer Data through our machine learning platform to return the graphical illustrations originated from the analyzed data to our Customers. We may also use Customer Data to optimize and improve the Bragona Services (for instance, to train our proprietary models and algorithms so that we can more effectively analyze Customer Data) and to validate the identity of End Users seeking to exercise their privacy rights. In addition, when our Customers use the Bragona notification and two-factor authentication features, we process Customer Data, such as their End Users’ telephone number or email address, to notify End Users of login attempts and account activity and send a verification code to End Users via text message or email. This allows our Customers who use these features to identify suspicious logins and validate their End Users’ identities when they log into the Customer Sites or create a new account.
We base our processing of your personal information on: (i) our legitimate interests in operating the Bragona Services; and (ii) our (and our Customers) legitimate interest in data analyzing and representation for our Customers and their End Users.
If you have questions about or need further information concerning the legal basis on which we collect and use your personal information, including any legitimate interests relied upon, please contact us as provided under the “How to contact us” section at the end of this Notice.
How We Use Tracking Technologies to Collect Information about End Users
We use standard tracking technologies to automatically collect certain information from your device and/or browser when you visit or interact with Customer Sites.
We use the following tracking technologies:
- Mobile “SDKs” or “Software Development Kits”: These are blocks of code that are embedded into a Customer Site that allow Bragona to collect certain information as further described above. You can control the use of certain information Bragona collects through the SDK by following the instructions applicable to your mobile device operating system, which are usually available in your mobile device settings. This typically means that you will no longer be associated with your old device ID or the information collected about you when the old device ID was assigned to you. However, if the Customer Site you visit requires you to login (e.g., via an email address), Bragona will associate a new device ID with your login and your new and old device IDs will be associated. You may also be able to control the collection of location information by particular Customer Sites by changing the preferences on your mobile device. Because Bragona does not control these settings, we encourage you to check the information provided about them on a regular basis to ensure you are aware of any relevant changes.
When an End User views or uses a Customer Site, Bragona servers are notified, and we are able to collect information from the browser or application as described above.
Automated decision-making means that a decision is made automatically on the basis of a computer determination (using software algorithms), without human review or intervention. The services we provide to our Customers may result in an automated decision being made by our Customers about an action you have made on a Customer Site. Please contact the relevant Customer directly for more information.
- AUTHORIZED USERS
Information We Collect About Authorized Users
Information you provide to us when you use the Bragona Services: You (or your organization’s administrator) may provide certain personal information to us through the Bragona Services – for example, when you register for the Bragona Services, when you consult with our customer support, send us an email or communicate with us in any way in connection with the Bragona Services.
The personal information we collect may include:
- Business contact information (such as your name, job title, organization, address, telephone number, and email address);
- Account log-in credentials (such as your username and password);
- Troubleshooting and support data (which is data you provide when you contact Bragona for help, such as the products you use, and other details that help us provide support); and
- Payment information (if you pay for the Bragona Services our payment processor will collect certain information required to process your payment, such as your credit card number and associated identifiers, billing address and background information. Bragona does not store full credit card data).
If you ever communicate directly with us, we will maintain a record of those communications and responses.
Usage Data may include:
- Usage data (such as the dates and times you access the Bragona Services, page views which activities and features you use, the links you click on, and how you interact with the Bragona Services);
- Device data (such as IP address, device type, operating system and Internet browser type, screen resolution, operating system name and version, device manufacturer, and model);
- Device event information (such as system activity, error reports (sometimes called ‘crash dumps’), and hardware settings); and
- Log files automatically generated during the use of the Bragona Services (such as access times, hardware, and software information).
How We Use Authorized Users Information and the Legal Bases
We collect and process personal information for the purposes and on the legal bases identified below. For these purposes, we combine data we collect from different contexts (for example, from your use of several within the Bragona Services). We use information to:
- Provide the Bragona Services: We base our processing of your personal information on our legitimate interests to operate and administer the Bragona Services. For instance, to process transactions with you, authenticate you when you log in, provide customer support, and operate and maintain the Bragona Services;
- Promote the security of the Bragona Services: We process your personal information by tracking use of the Bragona Services, creating aggregated, non-personal information, verifying accounts and activity, and enforcing our terms and policies, to the extent this is necessary for our legitimate interest in promoting the safety and security of the Bragona Services, systems, and applications and in protecting our rights and the rights of others;
- To improve and develop the Bragona Services: We use your personal information (including Usage Data as described in the “Information We Collect About Authorized Users” section) to identify trends, usage, activity patterns, and areas for integration and improvement of the Bragona Services so that we continually improve the Bragona Services, including adding new features or capabilities that make the Bragona Services smarter, faster, secure, integrated, and more useful to our Customers and their Authorized Users to the extent it is necessary for our legitimate interests in developing and improving the Bragona Services , or where we seek your consent;
- To communicate with you about the Bragona Services: We may send you service, technical, and other administrative or transactional emails, messages, and other types of notifications to in reliance on our legitimate interests in administering the Bragona Services. These communications are considered part of the Bragona Services and in most cases you cannot opt-out of them. If an opt-out is available, you will find that option within the communication itself or in your account settings;
- Send you marketing communications: We will process your personal information to send you marketing information, product recommendations, events, promotions, contests, and other non-transactional communications (e.g., emails, telemarketing calls, SMS or push notifications) about us in accordance with your marketing preferences as necessary for our legitimate interests in conducting direct marketing or to the extent you have provided your prior consent (please see the “Unsubscribe from our mailing list” section below);
- To protect our legitimate interest and legal rights: Where required by law or where we believe it is necessary to protect our legal rights, interests, and the interests of others, we use information about you in connection with legal claims, compliance, regulatory, and audit functions, and disclosures in connection with the acquisition, merger, or sale of a business; and
- With your consent: We use information about you where you have given us consent to do so for a specific purpose not listed above. For example, we may publish testimonials or featured customer stories to promote the Bragona Services with your permission.
- SHARING INFORMATION WITH THIRD-PARTIES
We may share and disclose information about End Users and Authorized Users in the following circumstances:
- Vendors, Consultants and Other Service Providers
We may share your information with third-party vendors, contractors, consultants, and other service providers who provide data processing services to us and with whom the sharing of such information is necessary to undertake that work. If you are an Authorized User, examples of the type of service providers include: processing billing, providing customer support, identity verification, or hosting our infrastructure. We may use providers who assist us in delivering online and offline marketing optimizations. If you are an End User, examples of these types of service providers include: hosting our infrastructure, security notification and verification services (including two factor authentication services), assisting with manual review and for data enrichment purposes (described below).
- Service Providers for Data Enrichment
We may share minimal Customer Data (e.g., email addresses) with select third-party service providers (e.g., location data providers) for data enrichment purposes. Bragona requires that any information disclosed to a provider is used only to perform their service and not for any incompatible purpose, and only as allowed by applicable law.
- Professional Advisers
We may disclose your personal information to professional advisors, such as lawyers, bankers, auditors and insurers, where necessary in the course of the professional services they render to us.
- Compliance with Laws
We may disclose your information to any competent law enforcement body, regulator, government agency, court or other third-party where we believe disclosure is necessary (i) as a matter of applicable law or regulation, (ii) to exercise, establish or defend our legal rights, or (iii) to protect your vital interests or those of any other person (see below).
- Vital Interests and Legal Rights
We may disclose information about you if we believe it necessary to protect the vital interests or legal rights of Bragona, you or any other person.
- Corporate Affiliates and Transactions
We may provide your information to our affiliates (meaning any subsidiary, parent company or company under common control with Bragona). Our affiliates will use your information only for the purposes described in this Notice. Additionally, if Bragona is involved in a merger, acquisition or sale of all or a portion of its assets, your information may be shared or transferred as part of that transaction, as permitted by law.
PART III. INTERNATIONAL TRANSFERS, SECURITY AND DATA RETENTION
Processing of personal information in the UAE and other territories
Your personal information may be transferred to, and processed by Bragona in countries other than the country in which you are resident, including countries around the world where Bragona, its affiliates, service providers or partners operate facilities. These countries may have data protection laws that are different to the laws of your country and may not provide for the same level of protection as your jurisdiction. However, regardless of where your data is processed, we take steps to ensure that your personal information will be processed in accordance with this Notice and the requirements of applicable law.
European Data Transfers
If you are resident in the EEA, UK or Switzerland, we will protect your personal information when it is transferred outside of your jurisdiction by: (i) processing it in a territory that provides an adequate level of protection for personal information based on the receiving country’s data protection laws; and/or (ii) implementing appropriate safeguards to protect your personal information, such as requiring the recipient to comply with the Standard Contractual Clauses, or another lawful and approved transfer mechanism.
PART IV. YOUR PRIVACY RIGHTS
Depending on your location and subject to applicable law, you may have the following rights with regard to personal information we control about you:
Access, review, change, update or delete your information (EEA, UK, and Swiss residents)
If you are a resident of the European Economic Area (“EEA”), United Kingdom, and Switzerland, you may access, review, modify, and request deletion of any personal information that we process about you, as required by law. You can send an email to firstname.lastname@example.org to exercise these rights. We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws, and treat each according to the requirements of the applicable jurisdiction. To protect your privacy and security, we may need to take reasonable steps to verify your identity before responding to your request. Specifically, we (or our third-party service provider acting on our behalf) may need to collect a copy of your photo ID and any other information necessary to confirm your identity. Such information will be securely processed in accordance with this Notice and only used for the purpose of verifying your identity.
Objection to processing of, or requesting restriction or portability of personal information (EEA, UK, and Swiss residents)
In addition, if you are a resident of the European Economic Area EEA, United Kingdom, and Switzerland, and we can properly verify your identity, you can object to the processing of your personal information, ask us to restrict the processing of your personal information or request portability of your personal information. To exercise these rights, email email@example.com.
Withdrawal of consent (EEA, UK, and Swiss residents)
If you are a resident of the EEA, United Kingdom, or Switzerland, and we have collected and process your personal information with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent. To withdraw your consent to any processing, email firstname.lastname@example.org.
For all countries and territories other than above mentioned in this section, Bragona applies the following rules:
Bragona applies a unified approach to all its Customers and acknowledges the equal set of rights of subjects of personal data protection outside EEA, UK and Swiss residents as we acknowledge in respect to the EEA, UK, and Swiss citizens.
Unsubscribe from our mailing list
You may at any time ask us to stop sending marketing communications to you, including by clicking “Unsubscribe” in any e-mail communications we send you. If you have any questions in relation to the “Unsubscribe” process, please feel free to get in touch via the contact details set out below. If you choose to no longer receive marketing information, we may still communicate with you regarding such things as your security updates, product functionality, responses to service requests, or other transactional, non-marketing/administrative related purposes.
We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws. To protect your privacy and security, we may need to take reasonable steps to verify your identity before responding to your request.
PART V. OTHER IMPORTANT INFORMATION
We retain your personal information where we have an ongoing legitimate business need to do so and for a period of time consistent with the original purpose as described in this Notice. We determine the appropriate retention period for personal information on the basis of the amount, nature and sensitivity of your personal information processed, the potential risk of harm from unauthorized use or disclosure of your personal information and whether we can achieve the purposes of the processing through other means, as well as on the basis of applicable legal requirements (such as applicable statutes of limitation).
After expiration of the applicable retention periods, we will either delete or anonymize your personal information or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.
Changes to this Notice
We may revise this Notice from time to time in response to changing legal, technical or business developments, and the revised version will be effective when it is posted. If we make any material changes to the ways in which we use or share personal information previously collected from you, we will post the updated version here and notify you and/or the Customer by email, by means of a prominent notice on our website, or by other means. You can see when this Notice was last updated by checking the “last updated” or “effective” date displayed at the top of this Notice.
PART VI. HOW TO CONTACT US
Please contact Bragona with any questions or comments about this Notice or our privacy practices at:
Attn. Legal Department
Park Lane Tower,
PO Box 37613, Dubai, UAE