Privacy Policy
Shuffll (“Company”, “we” or “our”) is committed to safeguarding any personal data that may be collected through our website (the “Website”), the “Services”. If you choose to use Shuffll, then you agree to the collection and use of information in relation to this policy. The Personal Information that we collect is used for providing and improving Shuffll. We will not use or share your information with anyone except as described in this Privacy Policy.
WHO WE ARE AND GETTING IN TOUCH
Shuffll’s head office is located in Tel aviv, Israel. Any questions or inquiries relating to privacy or data protection should be directed to our Data Protection Officer at [email protected] EU and California residents may also exercise their data subject rights such as the right of access or erasure by contacting our Data Protection Officer.
INFORMATION COLLECTION AND USE
For a better experience, and in order to provide our Service, we may require you to provide us, either directly or indirectly, with certain personally identifiable information, including but not limited to user name, and Oauth2 credentials. The information that we request will be retained by us and used as described in this privacy policy.
The app uses third party services that may collect information used to identify you. Links to privacy policies of third party service providers used by Shuffll:
- Google Sign-in
- Twitter Sign-in
- Facebook Sign-in Service.
We do not use Facebook in any manner other than to provide social sign-in access to Shuffll. In particular, we do not use Facebook to post or otherwise store any media.
We may internally employ other third-party services, companies or individuals due to the following reasons:
To facilitate our Service;
To provide the Service on our behalf;
To perform Service-related services; or
To assist us in analyzing how our Service is used.
We want to inform users of our Service that these third parties may have access to your Personal Information. The reason is to perform the tasks assigned to them on our behalf. However, they are obligated not to disclose or use the information for any other purpose.
LOG DATA
We want to inform you that whenever you use Shuffll, in a case of an error (and sometimes in normal operation) in the app we collect data and information on your mobile device and/or in our servers called Log Data. This Log Data may include information such as your device Internet Protocol (“IP”) address, device name, operating system version, the configuration of the app when utilizing our Shuffll, the time and date of your use of Shuffll, and other statistics.
PERSONAL DATA THAT WE COLLECT
Our primary purpose in collecting your personal data is to optimize and enhance your Shuffll experience. We use social sign-in to collect certain personal data from the social media platforms you use in order to register you on Shuffll. We also collect user generated content such as your broadcasts, chats, posts or other contributions. Please do not share highly sensitive personal data using our Services. Some information about your use of our Services is collected automatically, such as when you went live and how many fans you have.
As used in this Privacy Policy, “Personal Data” is as defined in the GDPR as any information relating to an identified or identifiable natural person (“data subject”). There are a number of different collections of personal data from you:
DIRECT COLLECTION:
Registration: When you register to use our Services, we receive certain information about you through Facebook®, Twitter®, or Google®, as applicable to your method of registration. This information may include your name, your location and language, a profile picture, your email and mailing address, your phone number and social following. The registration process is optional for Shuffll users who only wish to view content, but is required for users who would like to broadcast via Shuffll or to use the Services’ more advance options. You can update your profile data at any time.
Shuffll Activity: Any user-generated content is collected by Shuffll, such as when you enter profile data, create broadcasts, chats, posts, moments, when you gift or fan another user or subscribe to a partner’s broadcasts. Communication from You: When you contact us with questions, concerns or for purposes of customer/technical support, we collect the information contained in your message, which may include your name, contact details and any other personal data you provide.
AUTOMATIC COLLECTION:
Social Network Data: Your social following, that is, data about your connections, will also be collected by Shuffll, and if these connections are Shuffll users, they will automatically appear as your fans. Keep in mind that we receive information from other users’ registrations for our Services, which may include your social username.
Metadata: Information collected behind the scenes by Shuffll’s servers about your use of Shuffll’s Services. This includes, but is not limited to, when you last logged in, when you created a broadcast, liked or commented on someone else’s broadcast, when you created a moment, your total airtime, your IP address and information about your device or browser.
Automated data collection does not lead to profiling that significantly affects Shuffll users, but simply gives Shuffll a clear picture of its users and influencers. For a complete listing of data fields collected and used by Shuffll, you may contact us at [email protected]
DO NOT PROVIDE SPECIAL CATEGORIES OF PERSONAL DATA: We ask that you not send us, and you do not disclose, through a broadcast or other interaction, “special categories of personal data” as defined in the GDPR (information related to racial or ethnic origin, political opinions, religious or physiological beliefs, health, biometrics or genetic characteristics, criminal background or trade union membership or data concerning data subject’s sex life or sexual orientation).
For Shuffll users who are EU residents, should you provide “special categories of personal data” using our Services, you understand that you have expressly consented to the collection, use and disclosure of such data in accordance with this Privacy Policy.
WHAT’S PUBLIC AND WHAT’S NOT?
Information you voluntarily transmit via our Services is publicly accessible and may be viewed and used by others without any restrictions. We do not control such uses of your personally identifiable information when you share with third parties using our Services. By using our Services, you assume the risk and acknowledge that the personal data provided by you may be viewed and used by third parties and by us for any number of purposes.
Your user profile and most of the content you create when using our Services, such as your broadcasts, moments, chats, posts, as well as your fanning and gifting activity is publicly displayed to other Shuffll users. Through your Privacy Settings, you can choose to hide your location and the number of fans you have. Most of the data that Shuffll collects about your Shuffll activity (“metadata”) is not publicly available.
When you stream live video content or interact with the video streams in real time, this data is available to other Shuffll users in real time. Some metadata, such as number of likes or views, may also be published, however, most of the metadata that Shuffll collects is not publicly available.
HOW WE USE PERSONAL DATA
Shuffll uses personal data responsibly in order to ensure we are meeting your expectations of our Services, responding to you when you contact us and providing a safe space for Shuffll users.
We may use the personal data provided to us to:
Contact you from time to time with information about service
updates, feature updates, newsletters or unique offers, or regarding technical issues or other information important for our Services, or to provide you with the support you are requesting, for example, if clarification is needed when you report another Shuffll user;
Receive feedback from you and inquire about any features you would
like to see in future products. We may also message you to promote new products or services that you may be interested in;
Customize, measure and improve our Services and content;
Analyze our user database to review preferences and trends for our own internal statistical and analytical purposes, which we may use for marketing purposes and with respect to operations and development;
Confirm the accuracy of our data with the data held by third parties;
Prevent activity we determine to be potentially illegal, harmful or
not in the public interest; and
Enforce this Privacy Policy and/or our Terms of Use.
DISCLOSURE OF PERSONAL DATA
Although Shuffll makes every effort to preserve user privacy, we may need to disclose personal data as detailed below. These are also the categories of third parties with whom we have disclosed personal data in the preceding 12 months:
We may need to disclose your personal data in response to a subpoena, regulatory investigation or court order, to law enforcement authorities or regulators who have demonstrated their lawful authority. We may also disclose personal data for the public interest or in good faith to prevent harm to individuals. Keep in mind we also share personal data with trusted third parties in order to effectively provide our Services to users.
In addition to responding to law enforcement or regulator requests for personal data, Shuffll will disclose personal data to report suspected illegal activity. For example, media files may be shared with the National Center for Missing and Exploited Children.
We may also disclose personal data to enforce our policies or respond to claims that a broadcast or other content violates the right of others. In all cases, such information will be disclosed in accordance with applicable laws and regulations.
Shuffll may also share your personal data: • With third parties performing services on our behalf that have agreed to keep such information confidential (for example, secure payment processing). • In connection with or during negotiation of any merger, financing, acquisition or dissolution transaction or proceeding involving sale, transfer, divestiture, or disclosure of all or a portion of our business or assets. In the event of an insolvency, bankruptcy, or receivership, personal data may also be transferred as a business asset. If another company acquires our company, business, or assets, Shuffll users will be notified before any such business transaction occurs, and be given the opportunity to deactivate or terminate their account should they so choose to. The acquiring company will assume the rights and obligations regarding your personal data as described in this Privacy Policy.
SECURING PERSONAL DATA
Shuffll has implemented critical physical, organizational and technical measures to guard against unauthorized or unlawful processing of the data we collect. We have also taken steps to avoid accidental loss or destruction of, or damage to, your personal data. While no system is completely secure, we believe the measures implemented by our Services reduce the likelihood of a data security breach.
In addition, we recommend that you do your part in protecting yourself from unauthorized access to your account by ensuring no one else uses your computer or mobile device when you are logged in, by logging off from our Services when not in use and by keeping your passwords confidential.
Here are some examples of the data security controls in place at Shuffll (this is not an exhaustive list):
The use of encryption when personal data is transferred to Shuffll’s servers;
Limited access to personal data by Shuffll staff on a need-to-know basis, and the use of robust authentication processes (e.g. complex passwords or two-factor authentication);
The use of data centers with effective physical and logical data security controls, and the use of reputable third parties who have demonstrated security consciousness; and
Secure office premises and staff that are keenly aware of their data protection responsibilities.
NOT FOR CHILDREN UNDER THIRTEEN
This Service is a general audience Service, which is neither designed nor intended to collect personal data from children who are under the age of thirteen (13). You may reside in a country where local laws fix the digital age of consent to be older than 13. You may only use Shuffll if you have reached this age of consent, in accordance with applicable local laws. If you do not meet the digital age of consent of your country, you must immediately cease using our Services.
In order to ensure compliance with the provisions of the U.S. Children’s Online Privacy Protection Act and other data protection laws around the world aimed at protecting children, in accordance with our Terms of Use, children under the age of thirteen (13) are not permitted to access or use our Services, and children under the age of thirteen (13) should not provide any personal data to the Website or the App. We ask that parents supervise their children while online and/or using mobile devices. There are a number of commercially available parental controls that can be installed on browsers.
ACCURACY OF INFORMATION COLLECTED
Shuffll wants to keep the personal data we store about you as accurate and complete as possible. We rely on the user to provide accurate information and we also have protocols in place to promote data integrity.
The information that we collect from you is the same information that you have previously provided to Facebook®, Google+®, Twitter®, Instagram®, or relevant portions thereof. By updating the information in one of these social media accounts, you may be automatically updating the information in your Shuffll account the next time that you log in. You can access and modify your Shuffll account information directly by logging into Shuffll and clicking the ‘Gear Icon’, as well as make any changes to any express consents that you may have given with respect to us contacting you for Shuffll news or promotions.
RETENTION AND STORAGE OF THE INFORMATION WE COLLECT
We will retain your information as long as you are an active Shuffll user, to permit us to use it for the purposes that we have communicated in this Privacy Policy. Shuffll has implemented retention schedules to avoid indefinitely storing personal data that has been collected indirectly (for example, about a Shuffll user’s social connections).
Personal data is no longer required for administrative or business purposes, and that does not need to be archived by Shuffll, will be overwritten or scrambled such that it no longer identifies a Shuffll user. Keep in mind however that third parties who store data on our behalf have their own retention rules.
DATA DELETION REQUEST
A user may request that their data be deleted. Send your request in an email to [email protected]
PERSONAL INFORMATION COLLECTED FROM THIRD PATY ACCOUNTS
If you link Shuffll to a third party account, we may collect and store certain information.
Shuffll may allow you to connect a YouTube channel to your Shuffll account. In this case, we will access certain information from YouTube about your channel using YouTube API Services. We may collect channel title, channel thumbnail, username / profile ID, email, access tokens, and live broadcasts. This includes information related to your live videos (such as comments, live viewer counts, ingest address, stream name). If you decide to connect a YouTube channel to your Shuffll account, see Google’s privacy policy. When disconnecting a YouTube channel on Shuffll, Shuffll will delete the stored data associated with that YouTube channel. In addition, you can revoke access via Google’s security settings page.
LINKS
We may offer links from our Services to the sites or apps of our service providers, affiliates or unrelated companies that may be of interest to you. Shuffll makes no representations as to such third parties’ practices for dealing with your personal data.
Shuffll is not responsible for how other organizations or social media platforms use and share your personal data. We recommend that you check the privacy policies of any apps, sites or platforms you associate with before sharing your personal data with such third parties.
ACCEPTANCE OF THIS PRIVACY POLICY
By using our Services, accessing our Website and/or App, you are consenting to the practices relating to personal data collection and use that are described in this Privacy Policy.
Please note that our Services are controlled and offered by Shuffll from its facilities in Tel Aviv, Israel. The laws of other countries may differ regarding how personally identifiable information must be handled by Shuffll. Shuffll makes no representations that our Services are appropriate or available for use in other locations. Those who access or use the Service from other jurisdictions do so at their own volition, and consent to Shuffll’s collection, storage and use of their personally identifiable information as set forth in this Privacy Policy.
CHANGES TO THIS PRIVACY POLICY
We may change this Privacy Policy from time to time in order to better reflect our current data handling practices. Thus, we encourage you to review this Privacy Policy frequently! The “Last Updated” date above indicates when this Policy was last changed.
Any material change to this Privacy Policy will be clearly displayed on our Website and App. Personal data collected by us will be dealt with in accordance with the provisions of our Privacy Policy which were in effect at the time of collection. If at any time in the future we plan to share personal data with more third parties, we will maintain GDPR compliance and a high standard of care for your personal data. Your continued use of our Services following the posting of any changes to this Privacy Policy means you accept such changes. Should you not agree, you should no longer use our Services and go to your Privacy Settings to terminate your account.
FURTHER GDPR INFORMATION FOR USERS IN THE EUROPEAN UNION
Shuffll is the data controller of the personal data processing described in this policy. Shuffll is located at 30 Chaim Lebanon st. Tel Aviv, Israel.
Legal bases for processing your personal data.
The legal basis under EU law for collecting and processing your social media profile information during registration is our legitimate interests in operating and maintain the Shuffll Services.
The legal basis under EU law for collecting, processing and publicly broadcasting your user generated content such as broadcasts, chats, posts or other contributions is the performance of our Term of Use agreement as required to provide our Services, as well as is our legitimate interests in operating and maintain the Shuffll Services.
The legal basis under EU law for collecting and processing your information when you contact us with questions, ideas, feedback, concerns or for purposes of customer/technical support, is our legitimate interests in serving you as a user of our Services, managing the Services and business development and planning.
The legal basis under EU law for collecting and processing information about your digital wallet is the performance of our Term of Use agreement as required to provide our services, as well as is our legitimate interests in operating and maintain the Shuffll platform.
The legal basis under EU law for collecting and processing information from surveys you voluntarily participate in, is your consent.
The legal basis under EU law for collecting and processing Metadata analytics Information is our legitimate interest in managing the Services and business development and planning.
The legal basis under EU law for processing data in order to contact you from time to time with information about service updates, feature updates, newsletters or unique offers, or regarding technical issues or other information important for our Services, is our legitimate interests in serving you as a user of our Services, and promoting the Services.
The legal basis under EU law for processing data to enforce the
Terms of Use, this Policy, or to prevent activity we determine to be potentially illegal, harmful or not in the public interest is our legitimate interests in protecting our business, Services and other third parties from misconduct.
The legal basis under EU law for processing data in response to a subpoena, regulatory investigation or court order, to law enforcement authorities or regulators who have demonstrated their lawful authority, is our legitimate interests in complying with legal obligations.
You have certain rights to access, update or delete your information, obtain a copy of your information, withdraw your consent and object or restrict certain data processing activities.
If you are in the EU, you have the following rights under the GDPR:
Right to Access your personal data that we process and receive a copy of it.
Right to Rectify inaccurate personal data we have concerning you and to have incomplete personal data completed.
Right to Data Portability, that is, to receive the personal data that you provided to us, in a structured, commonly used and machine-readable format. You have the right to transmit this data to another service provider. Where technically feasible, you have the right that your personal data be transmitted directly from us to the service provider you designate.
Right to Withdraw Consent to processing your personal data, at any time, where the processing is based on your consent. If you do that, we will still process certain information on legal basis other than consent, as described in this Policy. Withdrawing your consent will not affect the lawfulness of data processing we carried out based on your consent before such withdrawal.
Right to Object, based on your particular situation, to using your personal data on the basis of our legitimate interest. However, we may override the objection if we demonstrate compelling legitimate grounds, or for the establishment, exercise of defense of legal claims. You may also object at any time to the use of your personal data for direct marketing purposes.
Right to Restrict processing your personal data (except for storing it) if you contest the accuracy of your personal data, for a period enabling us to verify its accuracy; if you believe that the processing is unlawful and you opposes the erasure of the personal data and requests instead to restrict its use; if we no longer need the personal data for the purposes outlined in this Policy, but you require them to establish, exercise or defense relating to legal claims, or if you object to processing, pending the verification whether our legitimate grounds for processing override yours.
Right to be Forgotten. Under certain circumstances, such as when you withdraw your consent, you have the right to ask us to erase your personal data. However, we may still process your personal data if it is necessary to comply with a legal obligation we are subject to under laws in EU Member States or for the establishment, exercise or defense of legal claims.
If you wish to exercise any of these rights, contact us at [email protected]
We reserve the right to ask for reasonable evidence to verify your identity before we provide you with information. Where we are not able to provide you with information that you have asked for, we will explain the reason for this.
Subject to applicable law, you also have the right to lodge a complaint with your local data protection authority. If you are in the EU, then according to Article 77 of the GDPR, you can lodge a complaint to the supervisory authority, in particular in the Member State of your residence, place of work or of an alleged infringement of the GDPR. For a list of supervisory authorities in the EU, click here.
FURTHER CCPA INFORMATION FOR USERS RESIDING IN CALIFORNIA
This is the information we have collected about visitors to our Website and users of our App in the past 12 months:
1. Identifiers: your name, a profile picture, your e-mail and mailing address, your phone number and social following
Source of Information: The user themselves. Social media platforms.
2. Information that identifies, relates to, describes, or is capable of being associated with, a particular individual: Your location and language, your social profile and following (that is, data about your connections), the content you provide us when you enter profile data, create broadcasts, chats, posts, moments, when you gift or fan another user or subscribe to a partner’s broadcasts, communication from you, and information you provide us when you answer our surveys.
Source of Information: The user themselves. Social media platforms.
3. Biometric information: Profile picture from social media platforms
Source of Information: Social media platforms.
4. Commercial information: information about your e-wallet, including the wallet’s address, any signature you provide, and the balance in the wallet.
Source of Information: The user themselves.
5. Internet or other electronic network activity information: when you last logged in, when you created a broadcast, liked or commented on someone else’s broadcast, when you created a moment, how many bars or coins you have, your total airtime, your IP address and information about your device or browser.
Source of Information: The user themselves. Social media platforms.
6. Geolocation data: IP address, your location provided to us when you register to the service.
Source of Information: The user’s device.
The following are the business or commercial purposes for which we use each category of personal information. Details about the information we collect for each category are provided in the table above. More details about the business or commercial purposes are provided in the privacy policy’s section titled ‘HOW WE USE PERSONAL DATA’.
1. Identifiers.
2. Information that identifies, relates to, describes, or is capable of being associated with, a particular individual.
3. Commercial information.
4. Geolocation data.
5. Biometric information.
For all the above –
Business or commercial purposes pursuant to the CCPA:
Providing customer service, processing or fulfilling orders and transactions, verifying customer information.
Specific purposes:
To provide our products and services. To verify your identity. To communicate with you. To improve our products and services and prevent fraud. To receive feedback from you. Analyze user database to review preferences and trends.
6. Internet or other electronic network activity information.
Business or commercial purposes pursuant to the CCPA:
Detecting security incidents, protecting against malicious, deceptive, fraudulent or illegal activity. Undertaking internal research for technological development and demonstration. Debugging to identify and repair errors.
Specific purposes:
To provide our products and services. To verify your identity. To communicate with you. To improve our products and services and prevent fraud. To receive feedback from you. Analyze user database to review preferences and trends.
Please note that we do not sell your data and we have not done so in the preceding 12 months.
We may ask you for additional information to confirm your identity and for security purposes, before disclosing the personal data requested to you, by using a two or three points of data verification process, depending on the type of information you require. If you have a password-protected account with Shuffll, we may ask to verify your request through the account’s existing authentication methods. If you request that we disclose or delete your information, we will require you to re-authenticate with your account.
Last updated: January 1, 2023
