GDPR Compliance

At Best of Me, we are committed to protecting your personal data and respecting your privacy rights in compliance with the General Data Protection Regulation (GDPR) (EU) 2016/679. This GDPR Compliance Statement outlines our practices regarding the collection, processing, and protection of your personal data.

1. Data Controller Information

The data controller responsible for your personal data is:

Reactive Technologies s.r.o.
Address: Šalviová 876/30, 821 01 Bratislava, Slovakia, EU
Email: dev@bestofme.app
Website: bestofme.app

If you have any questions about our data practices, please contact us at the above address.

2. Lawful Basis for Processing

Under the GDPR, we must have a lawful basis to process your personal data. We process data under the following bases:

Consent: We process certain personal data based on your explicit consent, such as health and wellness data that you voluntarily provide within the app.
Contractual Necessity: We process personal data to provide our services to you, such as account information and payment processing.
Legal Obligation: We may process personal data to comply with our legal obligations.
Legitimate Interests: We process some data to improve and secure our services, protect against fraud, and understand user engagement. We ensure that our legitimate interests are balanced against your privacy rights.

3. Types of Data We Collect

We collect the following categories of personal data in compliance with GDPR principles:

Personal Identification Information: Includes name, email address, and account credentials.
Health and Wellness Data: Information related to mental health, journaling entries, or self-assessment responses.
Payment Information: Collected for subscription services, processed by secure third-party payment providers.
Usage Data: Data regarding your interactions with our app, device information, and IP address, which help us improve and secure our services.

For more details on data collection, please refer to our Privacy Policy.

4. User Rights under GDPR

Under the GDPR, you have specific rights concerning your personal data. These rights include:

Right of Access: You can request access to the personal data we hold about you.
Right to Rectification: You have the right to request corrections to inaccurate or incomplete personal data.
Right to Erasure: You may request the deletion of your personal data in certain circumstances, such as when the data is no longer necessary for the purpose it was collected.
Right to Restrict Processing: You can request that we restrict processing of your data if you believe the data is inaccurate or our processing is unlawful.
Right to Data Portability: You have the right to receive your data in a commonly used format and to request transfer to another data controller.
Right to Object: You can object to our processing of your personal data based on legitimate interests, or for direct marketing purposes.
Right to Withdraw Consent: If you have provided consent for data processing, you have the right to withdraw it at any time.

To exercise any of these rights, please contact us at [email@example.com]. We will respond within one month of receiving your request, in compliance with GDPR requirements.

5. Data Security and Protection

We implement appropriate technical and organizational measures to safeguard your personal data and protect it from unauthorized access, disclosure, alteration, or destruction. These measures include:

Encryption: Personal data is encrypted during transmission and at rest.
Access Controls: Only authorized personnel have access to personal data.
Data Minimization: We collect only the minimum personal data necessary to provide and improve our services.
Regular Audits: We perform routine audits of our security practices to prevent vulnerabilities.

6. Data Retention

We retain personal data only as long as necessary to fulfill the purposes for which it was collected or to comply with legal requirements. When data is no longer needed, we securely delete or anonymize it in compliance with GDPR principles.

7. Data Transfers Outside the EEA

If we transfer personal data outside the European Economic Area (EEA), we ensure that appropriate safeguards are in place, such as:

Standard Contractual Clauses: Using EU-approved standard contractual clauses to protect personal data.
Data Protection Agreements: Agreements with third-party service providers that ensure GDPR compliance and adequate data protection.

8. Third-Party Processors

We may share your data with third-party processors who assist in delivering our services. Each processor is carefully selected to ensure they provide an adequate level of data protection. These processors may include:

Payment Processors: For secure handling of payment information.
Analytics Providers: For user behavior analysis, with anonymized data.
Cloud Storage Providers: For data hosting in secure environments.

All third-party processors are required to comply with GDPR and other relevant data protection laws.

9. Cookies and Tracking Technologies

Our app uses cookies and similar tracking technologies to provide a smooth user experience and improve functionality. For more details on cookies, please see our Privacy Policy and Cookie Policy.

10. Changes to this GDPR Compliance Statement

We may update this GDPR Compliance Statement periodically to reflect changes in our data practices or legal requirements. We will notify you of significant changes by posting the updated statement on our website and updating the “Effective Date” above.

Contact Information
If you have questions, concerns, or would like to exercise your GDPR rights, please contact us:

Best of Me
Reactive Technologies s.r.o.
Email: [dev@bestofme.app]
Website: bestofme.app
Address: [Šalviová 876/30, 821 01 Bratislava, Slovakia, EU]

This GDPR Compliance Statement provides an overview of your data rights, our lawful data practices, and our commitment to protecting your personal data in compliance with GDPR.

Effective Date: Nov 5, 2024