Privacy Statement

This Privacy Statement informs you about the type of personal data that is collected and received through the application “Color Sensor”, and about how we use, share, retain and protect such personal data.

Who we are

This app is built and operated by SmashX B.V. (“data controller”, “we”, or “us”) on behalf of the brand owner. We have our registered office at Bergerstraat 2, 6226 NA Maastricht, The Netherlands: (KVK) 78620562.

The types of data we may obtain

We may collect and receive the following personal data from you:

1. We temporarily store your IP address to be able to deliver our service for purposes such as logs. This information is stored for at most 90 days.
2. Anonymous behavioural data such as when you open the app or scan a color. This does not include any personal identification such as IP address or other unique identification numbers. This gives us insight in how our app is being used so we can improve our service. This task is not executed by a third party service provider. We retain this data for at most 5 years. This data includes:
   • Date and time
   • Scanned color
   • Matched color
   • Coarse location at city level estimated by IP address
   • Color scanner serial number
   • Device type, OS version and app version
3. To make sure your app installation can identify itself and we can provide your personal color projects, each installation contains a unique instance ID. The instance ID will be cleared after deleting the app.
4. Crash logs. To improve our app, we might send a crash report to our services. This includes your device specifications and crash details. We store this information for 30 days.

How we may share your data

We may share the personal data we collect and receive on a need to know basis with the following third parties:

1. The app’s brand owner;
2. Trusted Service providers: Sentry Crash Logging (sentry.io)
3. Competent public authorities or other third parties, if required by law or reasonably necessary to protect the rights, property and safety of ourselves or others.
4. We may also transfer your personal data in the event that we sell or transfer all or a portion of our business or assets on a need to know basis. Should such a sale or transfer occur, we will use reasonable efforts to direct the transferee to use personal data you have provided to us in a manner that is consistent with applicable law and this Privacy Statement.

Data transfers outside the EEA

We may transfer the personal data we obtain to third parties in countries outside the European Economic Area (EEA). The laws in those countries may not offer an adequate level of data protection. In particular, personal data may be transferred to the United States.

When we transfer your personal data outside the EEA, we will protect your personal data as described in this Privacy Statement and in accordance with applicable law, such as by entering into the European Commission’s Standard Contractual Clauses for the transfer of personal data to a processor located outside of the European Union.

How we protect personal data

We maintain appropriate technical and organisational security safeguards designed to protect your personal data against accidental, unlawful or unauthorised destruction, loss, alteration, access, disclosure or use. However, due the inherent open nature of the Internet, we cannot guarantee that communications between you and us or the personal information stored is absolutely secure. We will notify you of any data breach that is likely to have unfavourable consequences for your privacy in accordance with applicable law.

Your Rights

You have the following rights in relation to your personal data:

1. The right to obtain, at reasonable intervals and free of charge, information on whether or not your personal data are being processed and to receive the personal data that is being processed in an intelligible form;
2. The right to request rectification or erasure of personal data or restriction of or objection to processing of your personal data. You may also request us to provide you your data in a structured, commonly used and machine readable format which can be transmitted to another controller.
3. To exercise these rights, please contact us using our contact details set out below. We may request you to provide a copy of your ID card or otherwise evidence your identity. We will respond to your request within the applicable statutory term.
4. Moreover, subject to this Privacy Statement, you have the right to lodge a complaint with the competent supervisory authority.

Updates to this Privacy Statement

We may update this Privacy Statement from time to time. We will notify you of any significant changes to this Privacy Statement on the website or through other appropriate communication channels. All changes shall be effective from the date of publication, unless otherwise provided in the notification.

How to Contact Us

If you have any comments or inquiries about the information in this Privacy Statement, if you would like us to update your personal data, or to exercise your rights, please contact us by email at privacy@getudo.com.