PRIVACY POLICY (Mobile App)

This Privacy Policy constitutes formal regulations of Sumo Sushi & Bento that uses SaaS-platform-based services. The services covered by this Privacy Policy allow you to participate in the mobile loyalty program of Sumo Sushi & Bento, to gather points, to receive gifts, to be always up-to-date on recent news and promotions.

When you use our services, you share certain information with us. We, in turn, want to let you know which information we collect, how we use it, to whom we disclose it, and how you can manage, update and delete your information. With this end in view, we have developed this Privacy Policy. It is written in the most accessible language and does not contain complex legal terms and wordings, unlike other similar often redundant documents. Should you still have questions after familiarization with our Privacy Policy, you can always contact us by e-mail GDPR@loyaltyplant.com.

We collect information which is subdivided into three main categories:

• information provided by you to us voluntarily;
• information which we receive when you use our services;
• information which we receive from third parties, for example, in case of authorization through social networks.

Let's consider in more detail each of the above categories.

• When you use our services, we collect information which you provide to us voluntarily. For example, in order to use a mobile app, it is necessary to create an account, which requires specifying your personal data: name, e-mail, phone number, social and demographic information (for example, your gender, your age, date of birth), photo (as an option).
• In addition, in order to use some of the services, for example, online payments of orders/delivery, or any other services, you may need to provide the number and other details of your bank card. Please note that details of the bank card are never stored in our system. When you complete the form with details of your card and further confirmation for their saving, you voluntarily transfer these data to a payment provider conforming to the PCI-DSS safety standard.
• When using some of our services, you can voluntarily provide us with details of your friends or acquaintances to send them an electronic gift or a gift card.
• When you apply to us via customer support or otherwise, we collect information that you voluntarily provide to us for resolution of your issue.

• Information on the device. We collect information about devices which you use for access to our services as well as the data arriving from such devices. For example:
• information on your hardware and software (device model, version of operating system, device memory size, unique identifiers of the device, advertising identifiers, unique identifiers of the app, installed apps, language);
• information on existence of connection of your device to a wireless network or cellular internet connection.
• Camera and photos. When an account is registered, our services may request authorization to access the photo gallery or the camera on your device. You are not obliged to give access to this information, the system will work correctly, but without your photo in the profile.
• Information on location. When using some of our services, for example, delivery of a gift to a location nearest to you, or for choosing a delivery point for the order, we collect information on your location. Subject to your consent, we can also collect data on your exact location by other means and technologies, including GPS, wireless networks, base cellular stations, Wi-Fi access points. You can turn off transfer of location information at any time by simply changing the settings on your mobile device.
• Information on purchases and frequency of app use. We can collect information on your transactions in the outlets where you use this mobile app, including the products that you buy, how often you buy them, which special offers you use.

We can receive the following information on you from social networks upon authorization in our system:

• Your name and surname;
• Your age and gender;
• Your @mail and phone number as specified in the social network profile;
• Information on pages in social networks to which you are subscribed.

What do we do with collected information? In short, we use it to provide to you the magnificent set of products and services which we continuously improve. Namely:

• We provide observance of terms of services – uninterrupted and correct operation of loyalty program;
• We send you push-notifications to inform you on our products, services and promos which, in our opinion, may be of interest to you;
• We send you messages by e-mail in response to your applications to technical support, or to inform you on new special offers;
• We carry out monitoring and analysis of tendencies and specifics of use of our services;
• We ensure and improve the mechanisms of target advertising and assessment of its efficiency, including by means of using data on your exact location (subject to your consent to collection of such data). See more details on available opportunities of advertising message management below in the "Information management" section;
• We carry out authentication of users, as well as counteraction to fraudulent and other unauthorized or illegal actions;
• We carry out monitoring and remedy technical failures and software failures in our services.

We can share your information in the following cases and to the following subjects:

We share your personal information with our business partners who develop and provide stability of our services, administer the loyalty program, process orders and requests sent to technical support, collect, save and provide due protection of your personal data on our request. These companies are Loyaltyplant LTD and its subsidiary Loyaltyplant LLC.

Your data are transferred and stored on the cloud server of Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Deutschland (Germany), for placement of standby servers intended for viewing and storage of data backup on Hetzner Online hosting (Germany, that provides proper protection of your personal data rights);

• With service providers, vendors and partners. We can disclose your information to service providers who render services on our behalf; to vendors who sell goods using our services; and to business partners who ensure existence and smooth operation of different components and functions in the mobile app or the system;
• With third parties for legal causes. We can disclose your information if we have sufficient grounds to believe that such disclosure is necessary for:
  
  • Observance of any valid court order, requirement of public authority or applicable law, statutory or legal regulation;
  • Investigation, remedying of potential violations or enforcement of Terms of Service;
  • Protection of our rights, property and safety, as well as those of our users and other persons;
  • Discovery and remedying of any cases of fraud and security threats.


• With third parties within the scope of merger or acquisition. In case of participation in transactions of merger, sale of assets, financing, liquidation, bankruptcy, full or partial takeover of our business by another company, we can disclose your information to the other party before or after conclusion of the transaction.

In addition, we can disclose to third parties (for example, advertisers), general information that does not contain personal data, or unidentified information.

Together with our business partner, Loyaltyplant.ltd, we protect your information using technical, physical and administrative security measures, in order to reduce the risk of loss, misuse, illegal access, disclosure or change of your information. We protect transfer of your confidential information by means of special protection mechanisms using HTTPS protocol.

Our services may contain links to websites or include shared or third-party services. Using such third-party links, integration tools and services, including shared, you can provide information (including personal data) directly to a third party. You confirm and agree that we do not bear liability for the procedure of collection or use of your information by third parties. Please read carefully the privacy policy of the corresponding third-party service or resource that you use, including those third parties with whom you interact by means of our services.

We may authorize other companies (for example, Google Firebase Analytics, Apps Flyer) to use web beacons and other similar technologies on our services. These companies may collect information on the particular features of your using of our services and integrate it with similar data received from other services and companies. Such information may be used, among other things, for tracking and analysis of data, evaluation of popularity of certain content and best understanding of your actions in the web.

Remember: despite the fact that our system allows deleting information upon request, we cannot promise that such deletion will be completed instantly. Full deletion from the system requires up to 24 hours. In addition, we may suspend deletion procedure in the event that we receive a valid court order with a request to save the content, or a notice on non-compliance or default of the Terms of Service. In addition, we may save information in the form of backup copies for a limited time period or in accordance with the requirements of the law.

We provide you with the following tools for management of your information:

• Access and amendment. We aim to provide you with free access to your personal data which are stored by us, along with a possibility to introduce amendments thereto. You may access most of primary data of your account, or change them in the app itself, in the "Setup" section. Should you require access to other personal data stored by us, to change or delete them, you may send a request to GDPR@loyaltyplant.com. Since it is important to us to provide confidentiality of data of our users, we may ask you to undergo an authentication procedure or to provide additional information before we grant you access to your personal data or a possibility to change it.
• Withdrawal of authorizations. Should you decide to cancel your consent to collection by us of information from certain sources, such as location services, you may withdraw the corresponding authorization, having changed settings on your device, if such options are provided by the device. Naturally, in such case you might lose access to some services and functions. In addition, you can withdraw your consent with this Privacy Policy in the "Setup" section in the app. In such case, you will not be able to use our services, and your account and personal data will be deleted from the system within 24 hours.
• Account deletion. We hope that you become a regular user of mobile app Sumo Sushi & Bento, but should you desire to delete your account for any reason, you can do it in the "Setup" section of the app.

Our services are not intended for children under 13 years old. For this reason, we deliberately do not collect, do not use and do not store information on users under 13 years old. In some cases, this prevents persons of these age categories from using the full scope of our services. In the event that we need consent for processing of your information, we may request consent of your parents if it is provided for by the laws of your country. If you believe that we may be in possession of information on a child under 13 years old, that we have received from such child, please contact us by GDPR@loyaltyplant.com.

We can introduce amendments into this Privacy Policy. In such case, we will inform you by any means available, for example, by sending a push-notification or a pop-up window in the app.

We welcome your questions, comments and concerns about Privacy Policy. You can contact our privacy team by e-mail address GDPR@loyaltyplant.com.