Privacy Policy
The last update of this Privacy Policy was made on 16 august 2024.
This Privacy Policy is an integral part of the Terms of Use.
As the controller/business, Company has implemented numerous technical and organizational measures to ensure the most complete protection of personal data processed through this risemee.com website (hereinafter - the “Site”, “Website”) and Risemee app (hereinafter - the “App”) operated by Lasta Inc., registered address: 8480 Honeycutt Road, Suite 200, Raleigh NC 27615, registered number: 6441699 (hereinafter referred to as “We,” “Us,” “Our”, “Company”). The Website and App hereinafter are collectively referred to as a “Risemee”, “Platform”.
In this Privacy Policy Lasta Inc., registered address: 8480 Honeycutt Road, Suite 200, Raleigh NC 27615, registered number: 6441699 as the controller/business of personal data.
This Privacy Policy describes the privacy practices for the Website and the App operated by Company (hereinafter “we”, “us”, “our”, “Company”) and how the Website and App collect and use the personal data you provide on the Website and App, with the purpose to use Risemee and services (hereinafter referred to as the “Risemee Services”). It also describes the choices available to you regarding our use of your personal information and how you can access, update and delete this information.
The utilization of our Website does not necessarily entail the provision of personal data. However, should a user opt to access Risemee Services through our Platform, it may be necessary to collect and process personal data. In instances where personal data processing is required, we typically seek consent from the user as a data subject, unless alternative legal bases for processing, such as legitimate interests or contractual obligations, apply.
The processing of personal data, encompassing information such as name, address, email address, or billing details of a data subject, is conducted in accordance with the General Data Protection Regulation (GDPR) and relevant country-specific data protection laws governing our Company. Through this Privacy Policy, we aim to provide comprehensive insight into the nature, extent, and objectives of the personal data we gather, utilize, and manage. Additionally, this Privacy Policy serves to acquaint data subjects (users) with their entitlements concerning their personal data.
This Privacy Policy also includes Notice at Collection provisions (in particular, Sections 2, 4, 5 of this Privacy Policy), required under California Consumer Privacy Act.
IF YOU DO NOT AGREE TO THIS POLICY DO NOT USE RISEMEE. YOUR USE OF THE PLATFORM, RISEMEE AND/OR SERVICES SIGNIFIES THAT YOU AGREE TO THIS PRIVACY POLICY AND CONSTITUTES YOUR BINDING ACCEPTANCE OF THIS PRIVACY POLICY, INCLUDING ANY MODIFICATIONS THAT WE MAKE FROM TIME TO TIME. WE WILL INFORM YOU ABOUT ANY MODIFICATIONS THAT OCCUR IN THE ESSENTIAL PARTS OF THIS PRIVACY POLICY BY UPDATING THIS PAGE. ANY MODIFICATIONS TO THIS PRIVACY POLICY WILL BECOME EFFECTIVE IMMEDIATELY UPON ITS PUBLICATION DATE. IT IS CRUCIAL TO REGULARLY CHECK THIS PRIVACY POLICY TO KEEP YOURSELF INFORMED ABOUT ANY RECENT UPDATES OR MODIFICATIONS THAT MAY HAVE BEEN INTRODUCED. IF YOU CONTINUE TO USE THE RISEMEE AND THE SERVICES, YOU AGREE WITH THESE MODIFICATIONS. IF YOU DISAGREE WITH ANY SECTION OF THIS PRIVACY POLICY, KINDLY REFRAIN FROM USING THE PLATFORM.
1. DEFINITIONS
Personal data means any information relating to an identified or identifiable natural person (“data subject/user”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller. Processors act on behalf of the relevant controller and under their authority.
Processing is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Data subject/user is any identified or identifiable natural person, whose personal data is processed by the controller/processor; a user of the Website/ Risemee Software.
Pseudonymization means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
Encryption is a security protection measure for personal data; as a form of cryptography, it is a process whereby personal data gets turned into an encoded and unintelligible version, using encryption algorithms and an encryption key, and whereby a decryption key or code enables users to decode it again.
Consent of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
2. SCOPE AND CATEGORIES OF PERSONAL DATA, LAWFUL BASIS FOR PERSONAL DATA PROCESSING AND DATA SUBJECT CATEGORIES
We strive to be compliant with data privacy regulations and implemented data minimization principles.
| NO. | SCOPE AND CATEGORIES OF PERSONAL DATA | DATA SUBJECT CATEGORIES | PROCESSING PURPOSE | LAWFUL BASIS FOR PERSONAL DATA PROCESSING |
|---|---|---|---|---|
| 1 | Full name (first and last) | Risemee users | To provide Risemee Service | Performance of a contract |
| 2 | E-mail address | Risemee users | To provide Risemee Service; to communicate information about our Services | Performance of a contract |
| 3 | E-mail address | Risemee users | To send marketing communications | Consent |
| 4 | Automatically collected data (cookies and similar technologies, device and connection data) | Website users | To provide the features of the Website | Consent |
| 7 | Phone number (if applicable) | Risemee users | To provide refunds | Legitimate interest |
The retention of this data is undertaken to prevent the misuse of Risemee Services and, if necessary, facilitate investigations into committed offenses.Ú
Personal data is not shared with third parties, except in cases where it is essential to provide Risemee Services and/or there is a legal obligation to disclose this data upon request from government authorities and/or as part of criminal proceedings.
Personal data is stored separately in our database to prevent identification of data subjects, employing depersonalization features in compliance with the data privacy regulations storage limitation principle.
We do not authorize the use of your personal data by any third party (except under exceptional conditions as outlined under "Legal Matters" below). We employ various online security measures to safeguard and maintain the privacy and security of your personal information.
When purchasing Risemee, you are required to provide user’s Information, including your first name, last name, and email, which we process and store.
You are also required to provide Billing Information and Payment Method, which includes your Personal data, partially processed by us and/or processed by payment providers (if the payment for the Risemee Services was made on the Website) and/or processed by app stores and its payment providers (if the payment for the Risemee Services was made on the Apple App Store/Google Play Market).
You can access your account on our App using the login and password sent to your email. Your account activity is password-protected, and it is your responsibility to maintain the secrecy of your password.
In certain cases, we may collect your phone number to facilitate refund issuance. Our customer support specialists may request your phone number via live chat or email. We reserve the right to verify the provided phone number by calling you or sending an SMS. Additionally, we may call or send you an SMS to notify you that your refund has been confirmed and will be processed shortly.
We will also respond to your inquiries and communicate with you regarding any information or services you request.
Based on your separate consent, we may send you the marketing emails.
With regard to communication preferences, you are required to provide separate consent within your account for each type of communication. You always have the option to opt-out (unsubscribe) from any communication in your account, except for operational and/or non-marketing notifications such as payment acceptance, payment notifications, necessary updates, refunds, etc.
If you use a phone in a public place or share a phone with others, remember to log out/sign out and close the App when you finish accessing our App and Risemee Services to prevent others from accessing your personal information. You are solely responsible for controlling and using your password.
Target device users are NOT considered data subjects because these individuals cannot be identified or are not identifiable natural persons based on the information collected from target devices in encrypted form.
Payment information (if the payment for the Risemee Services was made on the Website). We implemented all necessary measures and standards in an area of payment security for Risemee Services. Our website is satisfied to PCI DSS and other requirements. We cooperate with different payment service providers and before our cooperation we check them according to our policies for the availability of licenses and other permits for the acquirer transactions. Within a payment execution you provide the following information to the payment service provider: (i) credit/debit card number; (ii) expiration date of credit/debit card; (iii) you full name; (iv) your e-mail. This information is partially collected and stored by the payment service provider and/or us.
3. DATA THAT WE COLLECT AUTOMATICALLY. COOKIES
During your navigation on our Website(s), we utilize tracking technologies such as Cookies, Log Files, and Pixel tags to automatically collect and store information. This data collection aims to enhance your browsing experience and optimize our Website's functionality.
The information we automatically collect, known as "log files," includes details about your device's connection to the Internet, the duration of your visit to the Website, and the specific pages accessed during each visit. We utilize this data for various purposes, including trend analysis, Website administration, tracking user activity, and compiling broad statistical information for aggregate use.
Our Website utilizes cookies, which are text files stored in a computer system through an Internet browser. These small files are placed on your hard drive by your web browser for record-keeping purposes. Cookies play a crucial role in tracking user trends and patterns by showcasing how and when visitors interact with the Website. They also streamline user experience by retaining preferences in specific areas of the Website where preference information has been previously entered. Each cookie contains a unique identifier known as a cookie ID, which allows Internet pages and servers to distinguish the individual browser in which the cookie was stored from others.
Through the utilization of cookies, we can offer users of our website more user-friendly services that would not be feasible without cookie settings. By using cookies, we can optimize the information and offerings on our website with the user in mind.
Users have the option to prevent cookies from being set on our Website by adjusting the settings of the Internet browser used, thereby permanently denying the setting of cookies. Additionally, previously set cookies can be deleted at any time via an Internet browser or other software programs, a feature available in all popular Internet browsers. However, if the setting of cookies is deactivated in the Internet browser used, some functions of our website may not be entirely usable.
If you do not wish to receive cookies, you may have the option to refuse them by adjusting your browser settings to reject cookies. However, doing so may result in the inability to access some functionalities, services, or support on our Website. If you have previously visited our Website, you may also need to delete any existing cookies from your browser.
In addition to cookies, we may utilize pixel tags, which are single-pixel image files, also known as transparent GIFs, clear GIFs, or web beacons. These pixel tags are used to access cookies and count users who visit the Website or open our HTML-formatted email messages.
The detailed information is in our Cookie Policy.
4. PERSONAL DATA COLLECTION AND USE
The Company processes personal data and gathers information for the following purposes (the “Purpose”):
- Facilitating the user's intent to utilize Risemee Services;
- Providing the user with the Risemee Services ordered and purchased;
- Executing a contract in which the user is a party, wherein the collected data are essential for Risemee to identify and invoice the user and process their payment via their bank card number;
- Verifying the user's identity and delivering customer support and assistance;
- Analyzing user interactions with our Website and Risemee Services to enhance our Services, user experience, and engagement.
We may utilize your Personal data to:
- (a) enhance your browsing experience by customizing the Website/App and improving Risemee Services;
- (b) communicate with you via email regarding registration status, password verification, and payment confirmation;
- (c) send communications regarding your use of Risemee Services, and (d) furnish statistical insights about our users to partners via secured channels under data processing agreements (DPA), as well as distribute marketing and promotional materials.
By expressing your intention to use Risemee Services, you are consenting to provide your personal data (for account registration and software/service purchases), thereby becoming a user of Risemee Services.
Please note that while providing your personal data is not mandatory, failure to furnish your name and email address may impede your ability to create an account, log in, make purchases of Risemee Services, and subsequently utilize these Services.
5. LEGAL MATTERS
We treat your use of Risemee Services with utmost privacy. However, we may disclose your personal information stored in your account and/or on Risemee servers and databases under the following circumstances:
- To comply with the law or legal process served on us.
- To enforce and investigate potential violations of this Privacy Policy, Terms of Use, including activities that violate the law.
- To investigate potential fraudulent activities.
- To protect the rights, property, or safety of Risemee, its employees, its customers, or the public.
- o provide the features of the Platform properly.
In the event of a change of control of Risemee (such as asset transfers through a merger, sale, assignment, or liquidation of the business entity), your personal information in our possession will be transferred to the new owner/successor. You will be notified of any such transaction and have the ability to exercise your legal rights under data privacy regulations. You may change or delete your personal data or opt out by contacting us as provided below, or following any new instructions posted by the acquirer.
Risemee may use certain trusted third parties service providers to help us provide, improve, and protect the services offered on the Website. Risemee shares Personal data with these third parties service providers. These third parties service providers will access your information only to perform services on Risemee's behalf, in compliance with this Privacy Policy, and under the respective agreements. For example, Risemee may provide payment information that you provide to certain payment processors (if applicable), without which a user would not be able to purchase the and solely to effect the sale of products or subscriptions that you have requested, and provides other personal data to third party service providers for purposes such as delivering email communications, providing customer support, and preventing fraudulent transactions.
Risemee may share IP addresses used to access Website with designated third parties serviceproviders for the sole purpose of preventing and detecting fraud. Risemee may also use services and technologies provided by other companies to assist Risemee in understanding how you use Website. As a result, information about how you use Website may be available to these other companies to the extent that their technology collects such information for Risemee’s use or for purposes of delivering relevant online or mobile advertising to you.
In the event of a personal data breach, we, as a controller, shall notify the competent supervisory authority without undue delay and, where feasible, not later than 72 hours after becoming aware of it.
6. WHERE DATA SUBJECT’S PERSONAL DATA ARE STORED
Usually, personal data, which are provided by users are stored on the servers in Germany and Netherlands. We adopted all necessary security measures for protection of your personal data according to the best practices of security, protection and confidentiality. If we transfer your personal data to third party service providers, we will compel each third-party service provider to adopt necessary security measures for protection of your personal data according to the respective data protection agreement.
7. ENCRYPTED DATA
We have put in place security hardware, software and software update and network scanning procedures designed to safeguard and secure the information (including personal data) under our control and follow generally accepted industry standards. We work (if applicable) with third party service providers and vendors that use encryption and authentication to maintain the confidentiality of your personal data. If stored, we house personal data on systems behind firewalls that are only accessible to limited personnel, who are under data processing agreement.
We store personal data of all our users in an encrypted way. We use asymmetric public-private key cryptosystem RSA with key size is 4096 bit (further RSA) and symmetric-key algorithm AES with key size is 256 bit (further AES).
Asymmetric public-private key cryptosystem RSA (key size is 4096 bit) use public encryption key and private decryption key. The public encryption key is storing in database (DB) in open way. The private decryption key is storing in DB encrypted using AES 256 using key which consist of the user’s password and secret key. It cannot be decrypted without user’s password and secret key.
User’s credentials are user’s login is stored in DB. User’s password is not stored. We store only hash of the password. We generate public-private key pair for cryptosystem RSA during user’s sign up. This public-private key pair is unique for each user. The key pair is stored in DB encrypted format using AES 256.
Login process: We use user’s password from login form for decrypting user’s original private key.
Encryption data: We get opened data from devices using encrypted https protocol. We immediately start encryption process of the data on the server in the RAM without storing on server`s disks. We encrypted data using RSA using user’s public encryption key. The encrypted data is saved to our servers.
Decryption: We get user’s decrypted private key. We decrypt user’s text data using user`s original private decryption key. We show this information to user.
8. YOUR RIGHTS AS A DATA SUBJECT
You may ask Company to disclose what personal data it has about you and what it does with that information, to delete your personal data, to direct Company not to sell or share your personal data, to correct inaccurate information that it has about you, and to limit Company’s use and disclosure of your sensitive personal information:
- Right to know: You can request that a Company discloses to you: (1) the categories and/or specific pieces of personal information it has collected about you, (2) the categories of sources for that personal information, (3) the purposes for which the Company uses that information, (4) the categories of third parties with whom the Company discloses the information, and (5) the categories of information that the Company sells or discloses to third parties. You can make a request to know up to twice a year, free of charge.
- Right to delete: You can request that Company delete personal information it collected from you and tell it service providers to do the same, subject to certain exceptions (such as if the business is legally required to keep the information). Company cannot delete Personal Information that it is under a legal obligation to maintain.
- Right to opt-out of sale or sharing: You may request that Company stop selling or sharing your personal information (“opt-out”), including via a user-enabled global privacy control. Company cannot sell or share your personal information after they receive your opt-out request unless you later authorize it to do so again.
- Right to correct: You may ask Company to correct inaccurate information that it has about you.
- Right to limit use and disclosure of sensitive personal information: You can direct Company to only use your sensitive personal information (for example, your social security number, financial account information, your precise geolocation data, or your genetic data) for limited purposes, such as providing you with the services you requested.
If one of the aforementioned reasons applies, user may at any time contact us via email [email protected].
Risemee will not discriminate against you for exercising your rights under this section of this Privacy Policy.
9. DATA STORAGE AND DATA REMOVAL
The criteria for determining the storage period of personal data is primarily based on the applicable statutory retention period. Once this period expires and we no longer require the personal data for our purposes, we securely and routinely delete or destroy it, unless it is still necessary for the intended purpose. As the data controller, we will process and retain the personal data of the data subject only for the duration necessary to fulfill the purpose of providing Risemee Services, or as permitted by applicable laws or regulations.
However, in the event of ongoing conflict situations, Risemee may retain personal data for a period of 180 days or longer if such processing is required for establishing, exercising, or defending legal claims, or for compliance with a legal obligation imposed by Union or Member State law, particularly in cases of expired accounts or when a data subject requests deletion of their personal data. Upon the expiration of this period, or earlier if the conflict is resolved, all personal data and information collected from a target device will be deleted.
We typically retain all logs and information downloaded from a target device in encrypted form for a period of 3 months. It's important to note that any logs and information downloaded from a target device using Risemee and stored in the Company's database for more than 3 months will be automatically deleted for security reasons, with appropriate notification provided to you. Logs can be downloaded by the user within the specified timeframe for further storage, if necessary.
Regarding active accounts, we do not retain all downloaded information from a target device on our servers for more than 3 months. Upon the expiration of this period, all information is deleted. In the case of expired accounts, all downloaded information from a target device is deleted within 1 month.
If you wish to remove all logs and information downloaded from a target device in your Account, please uninstall Risemee from your device(s) and send an email to [email protected] (or click on the "Delete my Account" button in your Account). Your Account will be permanently removed within 30 days or earlier from our active systems, servers, and backups. By deleting your Account, all your personal data excluding billing information for compliance with legal obligations, and gathered information from a target device will be removed as well.
To opt out of further email communications from us, simply click on the opt-out button in the email, or contact us as instructed at the end of this Privacy Policy. Please allow up to 30 calendar days for us to comply with your request. If you need to change your personal data provided to us, please contact us using the information provided at the end of this Privacy Policy.
10. CHILDREN’S PRIVACY
Provision of Risemee generally not aimed at children. This Platform is not intended for use by children under the age of 18.
The Company is acting in compliance with COPPA. We do not knowingly collect information from children and minors. We encourage parents and legal guardians to monitor their children’s Internet usage and to help enforce our Privacy Policy by instructing their children to never provide information on our Platform without their permission.
Our Website and Service is not directed to, nor do we knowingly collect personal data from children under the age of 13. If we obtain actual knowledge (including via email [email protected]) that we have collected personal data from a child, we will comply with industry guidelines and applicable laws and will promptly delete it, unless we are legally obligated to retain such data.
Our Website and Service are not directed towards, nor do we intentionally collect personal data from individuals under the age of 18. If we become aware that we have collected personal data from a child, we will adhere to industry standards and applicable regulations and promptly remove it, unless legally obligated to retain such data.
11. MISCELLANEOUS
We reserve the right to update and amend this Privacy Policy at any time, and any changes will be posted on the Website. Therefore, we encourage you to review this Privacy Policy regularly. The date of the current version of this Privacy Policy is provided below, so you can easily determine when it was last updated.
Changes made to this Privacy Policy will not affect any personal data we have previously collected from you, or personal data collected after such changes.
If you disagree with any changes made to this Privacy Policy, please contact us using the information provided below.
Individuals accessing the website from locations outside the European Union are responsible for compliance with applicable local laws.
This Privacy Policy is governed by and construed with the laws of State of Delaware.
For any questions or suggestions regarding this Privacy Policy, please contact us via email at [email protected].