The information we gather or process is used solely for the core functionality of withaview and to improve the quality and security of our service
What information is being stored, or accessed?
By accessing the withaview data is collected by us, which is passed to us by your device (eg. your browser). The processing of this data takes place for the purpose, to enable the use of the services (connection, retrieval of data), for system security, for technical administration and optimization of our services. The data we collect can be separated into two types: Data provided by you and data, that is automatically gathered by us to provide and optimize our services.
Personal data provided by you
Registration: If you sign up to our platform to use more than the basic services we offer to anonymous users, we require certain personal information. We do this to be able to communicate with you and to provide our services in a secure and user-oriented way. Therefore we collect only a very limited amount of data from you like your name, the e-mail address, the country you are from, your age group and your personal password so that you are able to login to withaview.co. We are saving the e-mail address and your name for the purpose of the communication with you. The country and age are required to personalize the feed and recommendations.
Profile: Based on the data we collected during the sign-up process, we created a user profile for you, which can be used to share your own photos from spots around the world or to save spots so that you can find them later again. The user profile can be edited by you, so that you can individualize it by adding a description about yourself, a profile photo and by adding links to your website and/or social media profiles. All this information about you is optional and you have the right to edit, update, access and delete your personal information if you are terminating your registration on withaview.co. All of your profile data, account settings, and extension data (such as links) are transferred and stored securely, solely for your usage within our website and extension and not shared with any other third parties, except as specified in this policy.
Contact Form: As part of the services, withaview.co provides the possibility to submit any questions, comments, etc. through an electronically offered contact form. Please note that you must provide your name and email address as personal data usage and processing of the request in this case. The contact form, in general, is used like an e-mail you send to us and the data submitted by the form is only stored in the form of an e-mail, that is sent to our main contact address. We won’t use the data you provide here for anything else than answering your request.
Profile: If you registered for our services, we additionally save the time of your last activity and your IP address for security reasons. IP addresses are used to transport data from the sender to the intended recipient. Similar to the mailing address on an envelope data packets are provided with an IP address that clearly identifies the recipient.
Cookies: If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year. If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser. When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
Google Cloud Image API: withaview uses the Google Cloud Image API application to analyze the images you upload and automatically map them to locations and travel categories. This also allows us to detect and block inappropriate content such as adult or violent content. During the analysis, there is the possibility that depicted persons are captured. Neither facial recognition nor any other identification takes place.
Google Maps: This withaview uses Google Maps to display geographical information in a visual way. By using Google Maps as an embedded service within withaview.co, Google is gathering data about the API users and the usage itself. You can find more information about this in the privacy statement of Google: https://policies.google.com/privacy
Open Street Maps: (1) We use data from OpenStreetMap, a free project with the aim of collecting freely utilisable geo-data and making it available in a database for general use (open data). In order to display the map to you, information about the use of the withaview including your IP address is communicated to OpenStreetMap. These services are operated by OpenStreetMap Foundation (OSMF), 132 Maney Hill Road, Sutton Coldfield, West Midlands, B72 1JU, United Kingdom, on behalf of the OSM community. (2) In order to display the map for you, information about the use of the OSM services is communicated to OpenStreetMap. In addition, a so-called session cookie is stored on the visitor’s computer. Details can be found in the section on Cookies. Information on how OpenStreetMap stores your data can be found at: https://wiki.openstreetmap.org/wiki/Privacy_Policy
Cloudinary: To more efficiently manage the photos uploaded by you and display them, in compliance with Art. 6(1) a) and Art. 9(2) a) of the GDPR, we use the Cloudinary cloud-based optimization tool of Cloudinary Ltd., 111 W Evelyn Ave, Suite 206, Sunnyvale, CA 94086, USA (hereinafter Cloudinary). When you upload a photo, it is saved on Cloudinary’s servers. Cloudinary is certified in compliance with the Privacy Shield Framework and therefore meets European standards for lawful order data processing. You can object to this processing at any time by simply informing us that you no longer wish to have such processing in the future. Please use the contact options of our company data privacy officer for this purpose. You can find detailed information on data protection and your privacy at the Cloudinary: http://cloudinary.com/privacy and http://cloudinary.com/tos
Facebook login: We allow you to sign up for and log on to withaview services via the Facebook Login feature. This replaces the otherwise necessary registration. To log in you are redirected to the Facebook server, where you sign on using your user information. This links your Facebook profile to our Services. By using this simplified login feature, you give us your consent to use the following information from your publicly visible profile:
Name, Location, Birthdate, Gender, Email address, Time zone, Friends or Profile photo
The legal basis of the aforementioned data processing is Art. 6(1) a) of the GDPR and Art. 9(2) a) of the GDPR. The purpose of the data collection above is the simplified login and the establishment and fulfillment of an agreement. This information is required for the conclusion of the agreement in order to be able to identify it. For the purpose and scope of Facebook?s data collection and the further processing and use of the information, as well as the associated rights and setting options to protect your privacy, please consult the Facebook privacy information.
YouTube: withaview uses YouTube plugins on just a few pages to display additional video content. YouTube is provided by Google Inc. (“Google”). As soon as you visit a page with an embedded video player, a connection to the YouTube servers needs to be established to load the data. Within this process, the YouTube-server gets information about which page you visited and if you are logged in with your YouTube-account, you are enabling YouTube to match your web usage behavior to your YouTube-account. You can prevent this by logging out of your YouTube-account. You can find more information about this in the privacy statement of Google: https://policies.google.com/privacy?hl=en
External font libraries: withaview uses external font libraries to improve the visual appearance by using a consistent font typeset (provided by Google Web Fonts) and icon fonts (provided by FontAwesome). These font libraries are loaded through cached CDNs, which improves the loading speed of these fonts for our users. This loading process is automatically triggering a call to load the data from these external sources. Therefore it is theoretically possible, that these providers may gather user data. Google Web Fonts is using a subdomain (fonts.google.com) so that they are not able to connect these external calls with your Google account itself in case you may still be logged in at their service. You can find more information about this in the privacy statement of Google: https://policies.google.com/privacy?hl=en
Data accessible through WebExtensions API: WebExtension APIs used within Chrome Extensions and Firefox Add-ons have fine-grained permission levels that are enforced by the Web Browser, restricting the information that our extension has access to within your Browser. The withaview extension can only access specific information that you have explicitly granted permission for. We can not and do not track your browsing history. Additional optional permissions may be requested when you enable specific features. When you enable a feature that requests optional permission, your Web Browser will make it clear what permission(s) are being requested. The feature will be accessible once you choose to allow the requested permission(s).
Weather: Location could be sent to our weather provider API to determine your closest weather station. At no time is your physical location retrieved from your web browser stored in any way that could be correlated to your withaview account.
Feature usage data: To improve the content, features and overall experience of the extension, we gather and log data on how our users access and use withaview services. For example, we may log actions like clicking on a button or link. Some of this usage data is sent to Google Analytics. In these cases, we do not send any identifying information that could be correlated with your account. We also make use of their IP anonymization feature to prevent your IP from being associated with your usage data.
What vendors/sub-processors do you use?
We use several vendors/sub-processors to conduct various aspects of our business.
Google Cloud Platform: Google Cloud Platform powers our core Cloud infrastructure (providing the necessary hardware, software, networking, storage, and other related technology required to run withaview). The bulk of our user data is hosted in Google Cloud Platform.
MailChimp: Newsletter to our users is sent via MailChimp. Your email address and the contents of the email are sent to MailChimp.
Jira: Used for internal communications. User data may be discussed for support purposes.
Slack: Used for internal communications. User data may be discussed for support purposes.
Trello: Used for internal communications. User data may be discussed for support purposes.
Dropbox: Used for internal communications. User data may be discussed for support purposes.
ZohoMail: Used for internal communications. User data may be discussed for support purposes.
Google Docs: Used for internal communications. User data may be discussed for support purposes
Is my data secure?
Data security is a priority at all times. We use a Tier 1 cloud provider to run our operations (Google Cloud Platform).
What are my rights in relation to my personal data?
By using withaview, you may exercise the following rights:
The right to refuse to provide your personal data The voluntary Personal Data you provide to us is an integral part of your use of withaview services. You can choose to forego the provision of that data, but you will be restricted from using our services.
The right to access and modify your personal data Through your use of withaview, you can access and amend your own data at any time on your Profile page.
The right to be forgotten You can ask to delete your account at anytime by writing an email to firstname.lastname@example.org. See the “What happens to my data when I delete my account?” section below to learn more about the deletion process.
The right to obtain your personal data Upon request, we will provide a data export of all your data stored in our system. If you wish to receive an export of your data, or have any problems deleting your account, please contact us at email@example.com
The right to submit a complaint If you have a complaint about the way in which your Personal Data is handled, please contact us at firstname.lastname@example.org. After submitting a complaint, we will reply within five (5) business days to confirm that we have received your complaint. After receiving your complaint, we will investigate it and provide you with our response within two (2) weeks.
The right to submit a complaint with a data protection authority If you are a resident of the European Union, and you are not satisfied with the outcome of the complaint submitted to us, you have the right to lodge a complaint with your local data protection authority.
What happens to my data when I delete my account?
Upon account deletion, your account is flagged as deleted and your data is no longer accessible. This data is stored for a grace period (90 days) to allow for account recovery in the case of accidental or malicious deletion, or your desire to reopen your account. Upon request, you can expedite the process of performing a hard delete to remove all of your personal data from our databases. After a hard delete, your data will be deleted from our system, but could still be present in encrypted database backups for up to an additional 35 days. To request an expedited hard delete, please send a message to email@example.com
Last updated on May 10, 2019