Harmonybit logo

HARMONYBIT PRIVACY POLICY

HARMONYBIT LTD (“Harmonybit”, “we”, “us” or “our”) is a company registered in the Republic of Cyprus with company number HE 3920773 and a registered address at Spyrou Kyprianou, 79, PROTOPAPAS BUILDING, 2nd floor, Flat/Office 201, 3076, Limassol, Cyprus. We develop and publish applications and games for mobile devices.

We are a data controller and are responsible for the collection, use, disclosure, retention and protection of your “personal data” (which has the meaning as set out in the General Data Protection Regulation (the “Data Protection Laws”)).

When you use Harmonybit’s “Luvly: Face Yoga & Exercises”, “Dancebit: Weight Loss at Home”, “Video Puzzles – Magic Puzzle” games, and the “My Water” and “Astrospot: horoscope matches, daily predictions” or other apps or our corporate websites available at https://harmonybit.com and at facetory.beauty (each being, our “Platform”, collectively, the “Platforms”), we may collect, store and process some data, including personal data. This privacy policy (“Privacy Policy”) sets out the main principles on which the data collected from you, or that you provide to us, will be processed by us. This Privacy Policy also aims to remind you about your rights and to provide you with all the elements you need to exercise them. For data protection laws in the Republic of Cyprus, we are the controller of your personal data.

If you have any questions related to this Privacy Policy or our practices around privacy and data protection in general, please don’t hesitate to contact us.

BY USING THE PLATFORMS, YOU PROMISE US THAT YOU HAVE READ, UNDERSTAND AND AGREE TO THIS PRIVACY POLICY. If you do not agree, or are unable to make this promise, you must not use the Platforms. In such case, you must (a) delete your account using the functionality found in “Settings” in the App, or contact us and request deletion of your data; (b) cancel any subscriptions using the functionality provided by Apple (if you are using iOS) or Google (if you are using Android); and (c) delete the App from your devices.

I. WHAT DATA DO WE COLLECT AND PROCESS?

When you visit our Platform, you may provide us with the following types of data, and we may collect and process such data in accordance with his Privacy Policy, as follows:

Contact Data This may include your name and your email address. This information will be collected by us if you communicate with us, for example if you use the links on our Platforms to communicate with us via email.
Account Data If you create an account on our Platforms (including the creation of a Gismart ID) to benefit from our Platforms, you may need to provide your name, email address, phone number and your photograph. If you use Facebook or Google to log in to our Platforms, Facebook [or Google] will share data with us including but not limited to your profile data, language, location and publicly available information about you and your friends.
Physical Data This may include your gender identity, weight, age, date, place and time of birth, zodiac sign, photos (palm, face, etc.), sleep time.
Social Data This includes relationship status, duration of relationship (if any).
Correspondence Data This includes the information you provide when you request support through our Platform, contact us via the email address provided in this Privacy Policy and elsewhere on our website and your views, opinions and feedback which you choose to provide in relation to the Platform and our services, including any comment facilities and message boards.
Session Data This includes your IP address, your device’s unique identifier details, browser details including version, device operating system, geolocation, time zone setting and time/date of access requests, the amount of data transmitted and the requesting provider. We may also capture other information about visits to our Platform such as pages viewed and traffic patterns.
Cookie Data Cookies are small files which are downloaded to your device when accessing our platform. Most web browsers automatically accept cookies. Please refer to paragraph 4 below for further details about our use of cookies.
Preference data This includes any information you choose to provide us.
Payment data Our Platforms include purchases directly in the application (including subscriptions)  and/or purchases directly through our website. If you want to make a purchase in the application, you may do this with the help of payment system provided by Google Play (managed by Google) or AppStore (managed by Apple) and integrated into the apps. The in-app payment system is managed by the Google Play/AppStore administration or its authorized partner. Under no circumstances do we collect or process any information related to your payment instruments, such as bank card number, its validity term or your name as written on it. When you purchase directly through our website, including subscription, you authorize us to have our payment processor collect this information. We do not store such information on our servers.

II. INFORMATION WE USE BUT NOT COLLECT

In order to make possible for you to use certain functions of “Luvly: Face Yoga & Exercises” app, we will process data obtained from your device (iOS devices with a front-facing TrueDepth camera) through the use of the Apple Software (through TrueDepth API technologies (ARKit Framework)) that will provide us information about such human faces’ position, orientation and their topology. Information related to human faces obtained through the use of the Apple Software (ARKit) are the “Face Data”. The Face Data shall be considered the personal data.
Notwithstanding anything to the contrary in other Sections of this Privacy Policy in relation to the personal data, we do not:

• collect, store, share or transfer the Face Data off the User devices;
• use the Face Data to identify any particular individual user;
• use the Face Data for authentication, advertising, or marketing purposes, or to otherwise target a user in a similar manner;
• use the Face Data to build a user profile, or otherwise attempt, facilitate, or encourage third parties to identify anonymous users or reconstruct user profiles based on the Face Data;
• transfer, share, sell, or otherwise provide the Face Data to advertising platforms, analytics providers, data brokers, information resellers or other such parties.

You hereby express your informed written consent on processing of your Face Data as described in this Section 2 of the Privacy Policy.

III. HOW DO WE USE DATA?

When you use our Platforms, we can collect and process some of your data for different legitimate purposes. You will find below explanations regarding the reasons why we may collect data and the legal bases we rely on in each case.

Data we use: Purpose: Lawful Basis:
Contact Data To respond to communications that you send to us Necessary for the performance of a contract where such communication relates specifically to our Services, otherwise legitimate interests so that we can respond to your query
To market products and services to you only where you have requested that we do so, or otherwise provided your explicit consent (either via our website, by emailing us or by accepting push notifications on your device) Consent
Customer relationship management (“CRM”) purposes Necessary for the performance of a contract
To enable social functionality, such as giving you the option to follow your contacts on the Platforms. Consent
Account Data To enable you to personalize your use of our services; Necessary for the performance of a contract
To enable you to save and maintain your profile and administer your account with us; and
To enable us to identify you.
Physical Data To analyze the audience, sleep time Necessary for the performance of a contract
To configure water rate per day Necessary for the performance of a contract
To provide entertainment services related to astrology, palmistry, numerology, horoscopes, relationship advice Necessary for the performance of a contract
To improve algorithms efficiency, accuracy and quality of suggestions related to face scanning features to work. Necessary for the performance of a contract
Social Data To provide entertainment services related to astrology, horoscopes, relationship advice Necessary for the performance of a contract
Correspondence Data To help address issues you raise with us and to improve the Platforms and our services. Legitimate interests
Session Data To administer, maintain and improve the Platform and our services, including identifying you or your device across our Platform and apps. Legitimate interests
To identify and respond to potential risks to the security of our Platforms (for example spammers, phishing attempts, screen scraping and other actions which may violate our Terms of Use).
Preference Data To infer your interests, including serving and suggesting content that you might like, and tailoring advertising to you based on such preferences. Legitimate interests

IV. DATA RETENTION

a. By using our Platform, you consent for us to store your personal data in line with legal, regulatory, financial and good-practice requirements.

b. The period for which we may retain your personal data will depend on the type of personal data collected, the purposes for which it was collected, applicable limitation periods for the exercise of legal rights and whether any legal or regulatory obligations require the retention of the personal data.

V. COOKIES AND TRACKERS

a. We use cookies and other software development kits (“SDKs”) and third-party libraries. Our Platform uses the following categories of cookies:

Strictly necessary cookies These are cookies that are required for the operation of our Platform. They include, for example, cookies that enable you to load webpages.
Analytical/performance cookies These cookies allow us to recognize and count the number of visitors to our Platform and to see how visitors move around our Platform. This helps us to improve the way our Platform works, for example, by ensuring that visitors are finding what they are looking for easily.
Functionality cookies These are used to recognize you when you return to our Platform. This enables us to personalize our content for you, greet you by name and remember your preferences (for example, your choice of language or region).
Tracking ID Every iOS and Google Android device has a unique Tracking ID, for iOS devices, called an Identifier for Advertising (IDFA) and for Android devices, called a Google Advertising ID (AAID). These Tracking IDs enable app providers and advertisers to track user activity and target ads at those users.

b. Please note that third parties (including, for example, advertising networks and providers of external services like web traffic analysis services) may also use cookies, over which we have no control.

c. You may block cookies by updating the relevant settings on your device or browser to allow you to refuse the setting of some or all types of cookies. However, if you use your browser settings to block all cookies (including strictly necessary cookies) you may not be able to access all or parts of our site.

VI. WHO DO WE SHARE YOUR DATA WITH?

Harmonybit does not share your personal data except as consented by you or as described herein. We may need to share your personal data with selected third parties in the following circumstances:

Third party service providers This may include providers of certain systems and services that we use to host, administer and maintain our Platforms, including for example the servers used to host our Platforms, email service providers, payment processors, fraud prevention vendors, analytics, customer service providers and other service providers.
Third party service providers for marketing purposes If you explicitly consent to any marketing from us, certain personal data may be shared with third party service providers we use to help us carry out marketing including, for example, third party marketing automation platforms.

A list of these third-party service providers and business partners and their privacy policies is available at https://harmonybit.com/partners/. The privacy policies of our partners may include additional terms and disclosures regarding their data collection and use practices. We encourage you to check those privacy policies to learn more about their data collection and use practices.

Group companies Your personal data may be shared among affiliates and subsidiaries. In such cases, these companies must abide by our data privacy and security requirements and are not allowed to use personal data they receive from us for any other purpose. We may also disclose personal data as part of a corporate transaction such as a merger or sale of assets.
To comply with legal or regulatory requests If we are under a duty to disclose or share your personal data to comply with any legal or regulatory obligation, we may share your personal data with a regulator or law enforcement agency.
Prospective buyers or sellers If HARMONYBIT LTD, or its owners, buys or sells any business or assets, we may disclose your personal data to the prospective buyer or seller of such business or assets. If HARMONYBIT LTD (or substantially all of its assets) is acquired by a third party, your personal data held by HARMONYBIT LTD, or within such assets, may be transferred to such third party.

For certain functions of “Fotollax – AI Avatar Portraits” app we engage a third-party API service provider Astria (https://www.astria.ai/). The app sends user photos directly to the third-party service and receives an AI-generated set of images in response. The processing of the user’s photos and creation of new image sets happen on the side of the 3rd party service according to their policies. We do not collect any face data in the app and therefore we do not use it in any way.
3rd party privacy policy: https://www.astria.ai/privacy
3rd party storage policy: https://www.astria.ai/terms

VII. WHERE IS YOUR INFORMATION STORED?

a. We will store your data in Europe where possible. We will do our best to keep this information secure. No information security system is perfect so please remember to be careful.

b. Where will your data be stored? The information we hold will primarily be stored and processed in the EU, but there may be circumstances where we need to work with trusted third parties outside of the EU in order to provide the Services to you (e.g. where we run servers in the US). By submitting your personal data, you explicitly agree to such transfer, storing or processing of data outside the EU. We will take all steps reasonably necessary to ensure that this information is treated securely and in accordance with this Privacy Policy.

c. All information we hold is stored on our secure servers (which we own or license from appropriate third parties). We use industry standard procedures and security standards to prevent unauthorised access to our servers, however no online service or website can be completely secure, so please protect the data in your possession as well.

VIII. HOW CAN YOU MANAGE YOUR DATA?

If you wish to access, correct, update your personal information, you can do so at any time by contacting us via e-mail: [email protected].

If you would like us to delete your information, you may send an e-mail to [email protected] and place “Delete My Account” in the subject line.  If you proceed with the deletion of your account, you will no longer have access to the account or services associated with your account. Other steps you should take should you wish to delete your account include disassociating your Facebook account from our applications, if applicable, and deleting the application(s) from your device. Please note that if you ask us to delete your account, all your progress in the application and any unused virtual items will be lost and we may not be able to restore them in the future. 

IX. THIRD PARTY WEBSITES

Our Platform may contain links to third party websites. If you follow a link to a third-party website, please note that this Privacy Policy does not apply to those websites. We are not responsible or liable for the privacy policies or practices of those websites, so please check their policies before you submit any data to those websites.

X. SECURITY

1. We take data security seriously. We implement and maintain appropriate technical and organizational measures including resilient security systems and protocols to protect the personal data we store.

2. We have put procedures in place to deal with any suspected data security breach and will notify you and applicable regulator of a suspected breach where the breach may cause a risk to you.

3. Our security procedures mean that we may occasionally request proof of identity before we are able to disclose personal data to you.

XI. ACCESSING YOUR PERSONAL DATA AND YOUR RIGHTS

As a result of us collecting and processing your personal data, you have the following legal rights:

a. To access personal data we hold on you;
b. To request us to make any changes to your personal data if it is inaccurate or incomplete;
c. To request your personal data is erased where we do not have a compelling reason to continue to process such personal data in certain circumstances;
d. To receive your personal data provided to us as a data controller in a structured, commonly used and machine-readable format where our processing of the personal data is based on:
(i) your consent;
(ii) our necessity for performance of a contract to which you are a party to; or
(iii) steps taken at your request prior to entering into a contract with us and the processing is carried out by automated means;
e. To object to, or restrict, our processing of your personal data in certain circumstances;
f. If we use your personal data for direct marketing, you can ask us to stop and we will comply with your request;
g. If we use your personal data on the basis of having a legitimate interest, you can object to our use of it for those purposes, giving an explanation of your particular situation, and we will consider your objection;
h. To object to, and not be subject to a decision which is based solely on, automated processing (including profiling), which produces legal effects or could significantly affect you;
i. If we are processing your personal data with your consent, you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect the processing of your personal data conducted pursuant to lawful processing grounds other than consent. You may do so by contacting us;
j. To lodge a complaint with a data protection supervisory body, which at present, is the Commissioner for Personal Data Protection.

To exercise your rights, please contact our data protection officer at [email protected] or write to us
at the address set forth in the “Contact” section.

XII. OUR POLICIES CONCERNING CHILDREN

Our Platform is not intended for children (under the age of 13 or such higher age as required by applicable law). We do not knowingly collect or solicit any personal data or target interest based advertising to children and we do not knowingly allow children to register for or use the Platform. Children should not use our Platform or send us any personal data about themselves at any time. In the event that we learn that we have inadvertently gathered personal data from children, we will take reasonable measures to promptly erase such information from our records. If you believe that we might have information from or about a child, please contact us [email protected].

XIII. CONTACT

Harmonybit’s Data Protection Officer

You may contact Harmonybit’s Data Protection Officer at [email protected] or the address below for further information.

HARMONYBIT LTD
Spyrou Kyprianou, 79,
PROTOPAPAS BUILDING, 2nd floor,
Flat/Office 201, 3076,
Limassol, Cyprus

XIV. CHANGES TO THIS PRIVACY POLICY

a. Any changes we may make to this Privacy Policy in the future will be posted on this page and, where appropriate, notified to you via electronic communications within our Apps. Please check back regularly to keep informed of updates or changes to this Privacy Policy.

b. This Privacy Policy was last updated on February 27, 2023