HILY PRIVACY POLICY

Effective Date: 15 December, 2021

Hily Privacy Policy (the “Policy”) explains all the privacy matters you may face when using our website, https://hily.com and other websites run by Hily (the “Website”) and Hily’s mobile and web-based applications (the “App”), jointly the “Service”, operated by Hily Corp. (“Hily” or “we”).

This Policy is an integral part of the Hily’s Terms of Use (the “Terms”) and incorporated by reference into them. Please read this Policy carefully and if you have any questions, feel free to contact us at [email protected]. In case you have any ongoing questions about how to exercise your rights, etc., you may also contact us at [email protected].

Some services which may be employed by either Hily or you to interact with the Services may have their own privacy rules (third-party privacy policies). Thus, if your personal data is processed by such services, such processing is governed by third-party privacy policies, not this present Policy.

By using the Service, you agree that collection and processing of your data will be covered by the terms of this Policy.

1. Initial Notice to Users

1.1. Here, at Hily, we strive to protect your privacy. It goes without saying, by being a place for building the best connections between people, that the App exists as a vast social network, where users may share their experience, show emotions and just be themselves. All of those actions are connected to personal data sharing. Your “personal data” or just “data” means any information linked with you or the one that may identify you directly or indirectly as a person.

1.2. Privacy tips. Despite our best efforts, we cannot control how other users or third-party services may use your data. When using Hily, you should presume that everything you post, share or message on the App may be publicly viewable and accessible, both by Hily users and people outside the App. We want you to be careful about going public with your data, thus, we kindly ask you to follow our privacy recommendations as below:

when you post information about yourself or use the messaging function, the amount of personal information you share is determined at your own risk.
you share information with other users when you voluntarily disclose information on the Service (including your Hily profile). That is why we recommend and encourage you to think carefully about the information you disclose about yourself. Please be careful with your data and make sure that the information you publish is;
we do not recommend that you put email addresses, URLs, instant messaging details, phone numbers, full names or addresses, credit card details, national identity numbers, drivers’ licence details and other important data on your Hily profile or send that data via direct messages to people that you do not trust;
we do not recommend that you share your sensitive data (religious denomination, sexual preferences, health details, political leanings, any kind of addictions, etc.) with other users. If you really desire to share this data safely (so as to set up more relevant connections, etc.), you may use Hily tags features. Regarding Hily tags, please read section 1.3 hereof to find out the benefits of their use;
photos that you share via Hily may reveal much information about you; please inspect all of them for data or objects that you do not want to go public with before you upload or share your photos;
please make sure you log out of your Hily profile after use from either your or a third-party’s device since you never know who may get access to them;
please do not share your access credentials (login, email, password, phone number, etc.) to Hily or other social media profiles with anyone else;
we recommend that you change your Hily and other social media password from time to time;
if you think or even have the slightest suspicion that someone may have had access to your Hily or social media profile or access credentials, first of all, change them immediately; if you lost your access to the profile owing to third-party activity, we recommend that you contact us at [email protected] (if there is no access to Hily profile) or report the issue to the relevant social media platform;
we kindly draw your attention to the fact that you are the only person who must care about your access credentials’ safety. Remember that in the event they are compromised, a third party may get your data. We cannot guarantee your data security if you lose control of your account and do not notify Hily about the issue.

1.3. Hily tags. Instead of sharing some of your data in a text description of your profile, we recommend that you use Hily tags to identify you as a person of a specific style. We find it a more secure and beneficial option since you may change them or hide them anytime you choose. Meanwhile, Hily tags allow you to create better connections with people who may share your views and are more likely to say “hello”. You may also choose to add information about yourself that may be categorized as sensitive data under your local data privacy laws, e.g., when you add certain Hily tags to your profile, such as your religion and political leanings, sexual preferences, health matters, etc. We do not usually indicate those tags as necessary for registration, so you may choose not to add that data. If you fill that information, including through adding certain tags to your profile, you are explicitly consenting to our processing of your information and making this public to other users. Still, all any time you are entitled to make us stop showing that data to others by deleting relevant tags in your profile settings, restricting some users from accessing your profile (in this case just blocked users will not see your data) or request that we delete your tags or other data at [email protected].

2. Changes and Updates to Policy

2.1. Reasons of Updates. We may revise the Policy according to new developments or advances in legislation and the broader data protection landscape from time to time, so please check this page regularly to ensure you’re always up -to-date with any changes.

2.2. Communication on Updates. If we make any changes hereto that, in our sole discretion, are substantial, we will notify you by email (to the address associated with your profile) or via the App, post a notice within Hily Services or make a notification appear in your profile when you next log in to Hily before amendments become effective. A notification regarding other changes may be rendered to you by publishing at https://hily.com/privacypolicy.

3. Your Data Controller and Data Processors; Third Parties Accessing Data

3.1. Information about who processes your data and with whom we may share your data is considered to be one of the most vital points you should know, so we place this article here, in the Policy's beginning. In this section, we also explain what third-party sources we may use to receive your data from.

3.2. Roles and Definitions. The first you should know is information about your data controller and processors. The data controller is an entity that determines the purposes and means of the processing of the data. The data processor is an entity that processes the data on behalf of the controller. A third party is a person whose access to the data depends on their rights or duties.

3.3. Data Controller; EU Representative; Data Protection Officers:

in this current case, your data controller is Hily Corp., a company with its registered address at 3172 North Rainbow Boulevard #1132, Las Vegas, NV 89108, United States of America; email: [email protected];
our EU Representative – for General Data Protection Regulation (GDPR) compliance purposes – is Risovel Limited, a company with its registered address at 7 Florinis Street, Nicosia, Cyprus, email: [email protected];
our Data Protection Officer (DPO) in the EU is Mr. Marko Rakic, address: 7 Florinis Street, Nicosia, Cyprus, email: [email protected]. If you are the EU citizen or a resident, feel free to contact our EU DPO in case you have any questions;

3.4. Data Processors. When processing your data, we may use the following data processors:

Google Maps service which may be represented by Google LLC (California, USA), Google Ireland Limited (the Republic of Ireland), Google Asia Pacific Pte. Ltd. (Singapore), or any other entity that directly or indirectly controls, is controlled by, or is under common control with Google LLC, which is a mapping services provider, in order to identify location and allow you to find nearby users. Google provides more information on how it processes data in its Privacy Policy;
AWS service (Amazon Web Services) represented by Amazon Web Services, Inc. with a registered office at 410 Terry Avenue North, Seattle, WA 98109-5210, which is a storage place provider, in order to store the data. AWS provides more information on how it processes data in its Privacy Policy;
Servers.com service represented by SERVERS.com B.V., with a registered office at Keienbergweg 22 (1101 GB), Amsterdam, The Netherlands, which is a storage place provider, in order to store the data. Servers.com provides more information on how it processes data in its Privacy Policy;
Zendesk service represented by Zendesk, Inc. with a registered office at 989 Market Street San Francisco, CA 94103, United States, in order to provide technical support services to you. Zendesk provides more information on how it processes data in its Privacy Policy;
Adjust service represented by Adjust GmbH with its registered address: Saarbrücker Str. 37a, 10405 Berlin, to analyze activity on the Website and in the App. Adjust provides more information on how it processes data in its Privacy Policy;
Firebase service which may be represented by Google LLC (California, USA), Google Ireland Limited (the Republic of Ireland), Google Asia Pacific Pte. Ltd. (Singapore), or any other entity that directly or indirectly controls, is controlled by, or is under common control with Google LLC, to analyze activity on the Website and in the App. Google provides more information on how it processes data in its Privacy Policy. Firebase also has its own privacy statements. Please find out more about how we use Firebase in section 3.5;
Facebook sync service which may be represented by Facebook, Inc. with its registered address: 1601 Willow Road, Menlo Park, CA 94025, USA, in order to allow users to log in with Facebook ID (Facebook profile). Facebook provides more information on how it processes data in its Privacy Policy;
Snapchat sync service which may be represented by Snap Group Limited with its registered address: 77 Shaftesbury Avenue, London, W1D 5DU, United Kingdom, in order to allow users to log in with Snap ID (Snapchat profile). Snapchat provides more information on how it processes data in its Privacy Policy;
Apple sync service which may be represented by Apple Inc. with its registered address: One Apple Park Way, Cupertino, CA 95014, USA, in order to allow users to log in with Apple ID (Apple profile). Apple provides more information on how it processes data in its Privacy Policy;
WeChat sync service which may be represented by Tencent International Service Pte. Ltd. with its registered address: 10 Anson Road, #21-07 International Plaza, Singapore 079903, in order to allow users to log in with WeChat ID. WeChat provides more information on how it processes data in its Privacy Policy.

3.5. Software Development Kits (SDK). Besides the data processors listed above, your data may be processed by other companies through SDK technology (they are also processors of your data). SDK are programming packages or libraries of code of one service incorporated in mobile applications of another service, so these applications could work on or with a specific platform of the SDK owner. Please consider the following information about them:

Name of SDK	Supplier	Data that SDK may collect	Purpose we use the data with
Firebase Analytics Software Development Kit	Google LLC	Number of users of our applications and sessions; session duration; operating systems of users’ devices; device models; geography; first launches date; number of the app opens; app version and updates; data on in-app purchases	We use Firebase Analytics to analyze active users’ number, support users from different regions and provide proper work of various versions of the application, as well as to develop and optimize the application and make our services more relevant for you
Firebase Crashlytics Software Development Kit	Google LLC	Crashlytics Installation UUIDs; Crash traces; Breakpad minidump formatted data	We use Firebase Crashlytics to trace crashes of the App; it helps us debug crashes.
Firebase Perfomance Monitoring Software Development Kit	Google LLC	General device information, such as model, OS and orientation, RAM and disk size, CPU usage, Carrier (based on Mobile Country and Network Code), Radio/Network information (for example, WiFi, LTE, 3G), Country (based on IP address), Locale/language, App version, App foreground or background state, App package name, Firebase installation IDs, Duration times for automated traces	We use Firebase Perfomance Monitoring to calculate the number of unique Firebase installations that access network resources, to ensure that access patterns are sufficiently anonymous. Additionally, we use IP addresses to map performance events to the countries from which they originate.
MoPub Software Development Kit	Twitter Inc.	Device identifiers, including your IP address, iOS Identifier for Advertising (IDFA), iOS Identifier for Vendors (IDFV), Android Advertising ID and a MoPub-specific identifier; your precise geo-location (when location services have been enabled for an app on your device that has integrated the MoPub SDK and APIs); demographic information (e.g., your age or gender) or information about your interests; information about your device, including the type and model, manufacturer, operating system (e.g., iOS or Android), carrier name, mobile browser (e.g., Chrome, Safari), and screen size; information about your app usage; information about ads served, viewed, or clicked on, including the type of ad, where the ad was served, whether you clicked on it, and whether you visited the advertiser’s website or downloaded the advertiser’s app.	We use MoPub to show you more relevant ads that will not annoy you.
Facebook Audience Network Software Development Kit	Facebook Inc.	Device identifiers, including your IP address, iOS Identifier for Advertising (IDFA), iOS Identifier for Vendors (IDFV), Android Advertising ID, and a Fb-specific identifier; your precise geo-location, when location services have been enabled for an app on your device that has integrated the Fb SDK and APIs; demographic information (e.g., your age or gender) or information about your interests; information about your device, including the type and model, manufacturer, operating system (e.g., iOS or Android), carrier name, mobile browser (e.g., Chrome, Safari), and screen size; information about your app usage; information about ads served, viewed, or clicked on, including the type of ad, where the ad was served, whether you clicked on it, and whether you visited the advertiser’s website or downloaded the advertiser’s app.	We use Facebook Audience Network to show you more relevant ads that will not annoy you.
Facebook Login Kit	Facebook Inc.	Information about your device, websites you visit, purchases you make, the ads you see, and how you use their services; information about your online and offline actions.	We use Facebook to enable you to login with your Facebook account.
AdMob Software Development Kit	Google LLC	Device identifiers, including your IP address, iOS Identifier for Advertising (IDFA), iOS Identifier for Vendors (IDFV), Android Advertising ID and a Fb-specific identifier; your precise geo-location, when location services have been enabled for an app on your device that has integrated the Fb SDK and APIs; demographic information (e.g., your age or gender) or information about your interests; information about your device, including the type and model, manufacturer, operating system (e.g., iOS or Android), carrier name, mobile browser (e.g., Chrome, Safari), and screen size; information about your app usage; information about ads served, viewed, or clicked on, including the type of ad, where the ad was served, whether you clicked on it, and whether you visited the advertiser’s website or downloaded the advertiser’s app.	We use AdMob to show you more relevant ads that will not annoy you.
Adjust Software Development Kit	Adjust GmbH	Data on number of installs; localization data; data on your purchases; data on sources of purchases.	We use Adjust to track and analyse our marketing efforts and for deep links functionality.
Agora Software Development Kit	Agora Lab, Inc.	Device information, including model, manufacturer and brand; user ID; channel mode; SDK version; network type; App ID; call detail record; General call information (including timestamp and duration of the call); Quality of services information (including network quality metrics); Quality of experience information (including video and audio resolution); Device status changes and device runtime metrics (including CPU usage); IP address	We use Agora to enable streaming features in the App, store streams’ records.
Snapchat Login	Snapchat, Inc.	Information about your activity in the app, information from your device’s phonebook.	We use Snapchat to enable you to login with your Snapchat account.
SCAppAdsKit	Snapchat, Inc.	Name, username, email address, phone number, and date of birth; a profile picture or Bitmoji avatar; a debit or credit card number and its associated account information; information about your activity; content you create; information from and about the devices you use; information from your device’s phonebook; images and other information from your device’s camera and photos; login information.	We use Snapchat to show you more relevant ads that will not annoy you.
Branch	Branch Metrics, Inc.	Advertising identifier (e.g. GAID, Android ID, IDFA, IDFV, RIDA), Branch Cookie ID; IP Address, Referrer; Central Processing Unit (CPU) Type, Build, Internet connection type, Application version, Device model, Manufacturer, Operating system, Operating system version, Screen size (height, width), Screen resolution, Mobile network status (WiFi, etc), Device locale (country and language), Local IP address, Mobile platform, Branch SDK version, Carrier ID; Developer ID; Engagement Data.	We use Branch to track and analyse our marketing efforts and for deep links functionality
WeChatSDK and WeChat Login	Tencent Holdings Limited	Registration data and log in data, profile data, profile media, Password, Emergency Contacts, Managed Devices, email address, and QQ ID, chat data, contacts list, log data, location data, payment card information, text for which you request a translation, customer support information, social connect information, surveys, marketing preferences, interests, derived from your in-app behaviour.	We use WeChat to enable you to login via your WeChat account, and enable you to send and receive messages in China region only.
LINE Software Development Kit and Line Login	Line Corporation	Usage statistics from the software including but not limited to a unique identifier, associated IP address, version number of the software, and information on which tools and/or services in the SDK are being used and how they are being used	We use Line to login via your Line account and enable you to send and receive messages (in Japan only)

Twitter Inc. with its registered address: 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. You can find information about how Twitter may process and use your data we collect through its services, as well as how to control your information, here. You also can find information about privacy and data security in MoPub here;
additional information about Adjust’s approaches to privacy is provided here;
Agora Lab, Inc. with its registered address: 2804 Mission College Blvd., Santa Clara, CA, USA 95054. Agora provides more information on how it processes data in its Privacy Policy;
Branch Metrics, Inc. with its principal place of business at 1400B Seaport Boulevard Redwood City, CA 94063. Additional information about Branch’s approaches to privacy is provided here;
Line Corporation with its principal address: 1-6-1 Yotsuya, Shinjuku-ku, Tokyo, 160-0004, Japan. Line Corporation provides more information on how it processes data in its Privacy Policy;

3.6. Additional Data Processors. Where there is necessity, we may also engage additional third-party services and may share the data with them. That will help us operate, provide, improve, integrate, customize, support, and market our Service and the Website. We share the data, in particular, for purposes indicated herein. The types of third parties we may share information with include, in particular: cloud storage providers, data analytics providers, measurement partners, marketing partners, payment processing providers, communication services providers, etc.

3.7. Data Trading. Hily does not sell your data and has not sold your personal data in the previous 12 months.

3.8. Third Parties: Other Users and Social Media. Some of your data is publicly available; it means that other users of Hily may have access to your data with which you go public. Please read section 1 carefully and follow our privacy recommendation in order to avoid any undesirable or accidental disclosure of your data. Meanwhile, as we explained in sections 3.4(f)-(h), Hily users have an option to register or log in to the App using Facebook, Snapchat or Apple profile. If you act so, you are authorising us (and in some cases, other users) to access some of your information placed in your external profiles, including information you make available via these social media, your friends list, current location and those friends you have in common with other Hily users etc. With this regard, please note the following:

any of your data placed in your profile will be shared with other Hily users;
any of your data placed in your profile, as well as your entire profile, may be shared by other Hily users with any third parties (for instance, so as to recommend you to a user’s friend as a potential partner or a buddy);
any user may take a photo or a screenshot of your data. We do prohibit such actions! Still, we cannot track or prevent sharing of taken images;
if you registered your Hily profile using Facebook, Snapchat or Apple profile, your external profile may be visible for other Hily users;
if you registered your Hily profile using Facebook, Snapchat or Apple profile (which means that you connected your Hily profile and Facebook, Snapchat or Apple profile), you authorize such social media to access to some of your data. We kindly recommend that you read their privacy policies since Hily does not control how they use your personal data in that case;
if you do not want to have your Hily profile likned to your profile on the third-party websites, please visit your Facebook, Snapchat or Apple profile and follow the instructions of those social media to remove the Hily access permissions.

3.9. Please note we collect personal data directly from you and we may also receive some of your personal data from third parties. For example:

From other social networks: when you connect to your Hily mobile application user account through one of your other social network accounts (e.g. Facebook account);
From other partners: some of our partners may transmit personal data about you (for example when you access our website by clicking on an advert for the Hily mobile application published on a partner's website);
From other users: other users of the Hily mobile application may provide us with personal data about you when they use our services (for example, when they contact us about you or mention information about you in their discussions with other users).

3.10. Third Parties: Law Protection and Enforcement Bodies; Attorneys-at-Law. Hily is a place free of any kind of abuse, violence, laws and third-party rights infringement. We designed Hily as a safe harbor for people to be themselves and express their emotions. We do our utmost to protect our biggest value, sense of security of our users, so we may disclose your data to third parties in the following cases:

we will cooperate with law enforcement inquiries from within or outside your country of residence where we are required to by law, where there is an investigation into alleged criminal behaviour or to protect the vital interests of a person. We may share any personal data that we hold about you, depending on the nature of the request or the issue that we are dealing with;
we will disclose your data if it’s necessary so as to comply with a judicial proceeding, court order, or legal request of a state body (a law protection or enforcement body). We may share any personal data that we hold about you, depending on the nature of the request or the issue that we are dealing with;
we may also cooperate with all third parties to enforce their intellectual property or other rights in the event we are notified of an offence by one of our users. Still, we will share your data if we receive respective and motivated legal request of such by the third party’s attorney-at-law, proving your violation only. We may share any personal data that we hold about you, depending on the nature of the request or the issue that we are dealing with. Please note, if we find no proof sufficiently established in an inquiry, we will not disclose your data;
society may be cruel at times; wrong words or actions of others may hurt. Still, this is not a reason to harm yourself. Here, at Hily, we believe that every issue can be fixed, and we are ready to share contact details of our partners who may offer professional help. If we detect suicidal behavior by our users, we may report such a case to the police or professional non-governmental organization, so as to prevent our users from making the biggest mistake of their lives. We may share your name, contact details and geolocation with those bodies;
we may transfer your data to a respective law protection or enforcement body if we detect illegal activity or we believe it is necessary in order to investigate, prevent, or take action regarding illegal activities, fraud, or situations involving potential threats to the safety of any person. We may share any personal data that we hold about you, depending on the nature of the violation or the issue that we are dealing with; and finally
we will share your data with our lawyers, a court, arbitrators, or any authorized professional etc. if we detect your conduct is in breach of Hily’s Terms of Use or any integral parts thereto or in order to protect the rights and property of Hily, its affiliates, or the public or to comply with legal and regulatory obligations.

4. Hily’s Approaches toward Children’s Privacy

4.1. Age Restrictions. We restrict persons who are under the age of 18 (or the age of legal majority in their place of residence) from using the Services and we do not knowingly collect personal information from anyone under the age of 18.

4.2. Notify Us. In the event that we become aware that we have collected personal information from any person who is under 18 years old (or the age of legal majority), we will dispose of that information in accordance with Children’s Online Privacy Protection Act (COPPA) and other applicable laws and regulations. If you are a parent, guardian or you believe that a user is underaged, please contact us by email at [email protected] or report a profile via the relevant feature in the App.

4.3. Our Steps. If we become aware that a person under the age of 18 has registered with Hily and provided us with incorrect personal information, we will take steps to terminate that person’s registration and delete all relevant registration data from Hily.

5. Collection of Personal Data

5.1. In this article we explain what data (in addition to the data we collect as set forth in section 3.5) we collect (categories and a full list of data), sources we get your data from, purposes for which the data is used and our legal basis to process your data. Here, we also share some useful data privacy tips with you.

5.2. Categories of Personal Data. In the event you are a resident of the State of California, you may find a data on categories of your personal data that we may collect in accordance with section 1798.140(o)(1) of the California Consumer Privacy Act (CCPA):

identifiers such as a real name, alias, unique personal identifier, online identifier, internet protocol address, email address, account name, driver’s license number, passport number or other similar identifiers (CCPA category A);
personal information, as defined in the California customer records law, such as name, physical characteristics or description, telephone number, passport number, driver’s license or state identification card number, education, employment, bank account number, credit card number, debit card number, or any other financial information, medical information (CCPA category B);
characteristics of protected classifications under California or federal law (if you choose to provide them), such as age, gender identity, sexual orientation, race, religion, political views (CCPA category C);
commercial information, including records of products or services purchased or other purchasing or consuming histories or tendencies (CCPA category D);
internet or other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding a consumer’s interaction with an internet website, application, or advertisement (CCPA category F);
geolocation data, such as mobile device location (CCPA category G);
audio, electronic, visual and similar information, such as photos and videos (CCPA category H);
professional or employment-related information (CCPA category I);
inferences drawn from any of the personal information listed above to create a profile or summary about, for example, an individual’s preferences and characteristics or a summary of these characteristics (CCPA category K).

5.3. In the event you are a European Union resident you may find a data on categories of your personal data that we may collect in accordance with GDPR following the previous list. In particular, the personal data that falls within the special categories (racial or ethnic origin, political opinions, religious or philosophical beliefs, genetic data, biometric data, data concerning health or data concerning a natural person’s sex life or sexual orientation) will only be collected if you choose to provide them and expressly consent so (as considered in GDPR Article 9.2.a).

5.4. Purposes of Data Processing; Personal Data Collected; Source; Legal Basis:

Purpose	Personal Data Collected	Source	Legal Basis
to make the Website work properly and provide you with access to it	IP address; cookies identifiers (in accordance with our Cookies Policy); User Agent (CCPA categories A and F)	we automatically get these from your device	performing of the contract with you
to reply to your request sent via the Website (or directly via email)	Name; email address; IP address; your message, including any data you decided to share with us (A, B and H);	we receive this data from you	performing of the contract with you or your consent (when you start a communication via email)
to allow you to create a Hily profile	name or nickname; date of birth (age); email address; phone number; Apple ID, Facebook ID or Snapchat ID (AppScopedUserID) (depends on the way of registration); your gender, gender(s); age group you are interested in; your field of occupation; photos; your description (CCPA categories A, B, C, F, and H)	we receive this data from you (except for Apple ID, Facebook ID or Snapchat ID (get from relevant social media) and location (obtain from your device)	performing of the contract with you
to allow you to create a Hily profile with Facebook profile	Facebook ID (AppScopedUserID); email address; name and profile picture; date of birth (CCPA categories A, B, and H)	we get this data from Facebook	performing of the contract with you or consent
to allow you to create a Hily profile with Snapchat profile	Snapchat ID (AppScopedUserID); Bitmoji (CCPA categories A, B and H)	we get this data from Snapchat	performing of the contract with you
to allow you to create a Hily profile with Apple profile	Apple ID (AppScopedUserID) (CCPA categories A)	we get this data from Apple	performing of the contract with you or consent
to provide you with better communication and connection experience	optional data, such as Hily tags: your interests, your preferences, your mood, requirements to your partner (to body shapes and interests); your religious or political leanings; photos; your field of occupation; zodiac sign; your username on Instagram, Snapchat, Spotify, Facebook, Twitter, TikTok, Twitch, Discord, PlayStation, Xbox, Pinterest, or Tumblr (CCPA categories A, B, C, G, H and I)	we receive this data from you	performing of the contract with you
to provide you with networking services; to help you connect with other users	all the data placed in your profile; your geolocation; history of your likes/dislikes; your connections; your preferences (CCPA categories A-C, F, H and I)	we receive this data from you directly (you share the data with us) or indirectly (you create the data when using the App)	performing of the contract with you
to show “nearby” location information to you and other users of the App	Wi-fi access points and location data when you use the App (CCPA сategory G)	you provide this information to us	performing of the contract with you or consent
to provide you with an opportunity to share your content and opinion	your photos; images that you upload; publications; texts; videos; livestreams; comments; data in your groups (CCPA categories F and G)	we receive this data from you directly (you share the data with us) or indirectly (you create the data when using the App)	performing of the contract with you
to enable video calls feature	video call usage data; images and videos (CCPA categories F and H)	we receive this data from you indirectly (you create the data when using the App)	performing of the contract with you
to enable other in-app features	data on number and types of in-app objects; the Licensed content; number and types of publications; livestreams you have interacted with; location (CCPA categories A, D, F, G, H and K)	we receive this data from you indirectly (you create the data when using the App)	performing of the contract with you
to process your requests and claims in the App	name; email address; IP address; your message, including any data you decided to share with us (A, B and H)	we receive this data from you	legitimate interest
to process complaints against you	your profile data; shared content data; content of sent messages; other information we may be provided with (CCPA categories A, B, D, F, G, and I)	we get this data from third parties or indirectly from you (when you create the data when using the App)	legitimate interest or legal obligation
to verify your Hily profile/your identity/age; to prevent, detect and fight fraud or other illegal or unauthorized activities	your photos; driver’s license, passport data; phone number, email address; any data that we hold about you, depending on the issue that we are dealing with (CCPA categories A-D, F, G, and I)	we may get data from you, third parties of automatically collect from your device	legitimate interest or legal obligation
to ensure legal compliance with our policies, laws; exercise our rights; assist law protection and enforcement bodies	any data that we hold about you, depending on the issue that we are dealing with (CCPA categories A, B, D, F, G, and I)	we may get data from you, third parties or automatically collect them from your device	legitimate interest or legal obligation
to provide you with paid features	history of purchases; payment details; payment card details (CCPA categories B and D)	you provide this information to us	performing of the contract with you and our legal interest
to provide you with a remuneration	name; banking details (payment card or payment system); type and amount of remuneration; history of transactions (CCPA categories A, B, D and K)	you provide this information to us	performing of the contract with you
to carry out anti-fraud and anti-spam procedures	name; email address; phone number; IP address and IP session information; social network ID; username; user agent ID; cardholder name; payments received; type of payment; user ID; location	you provide this information to us and we automatically collect it from your device (IP address and IP session information, user agent ID, location, user ID)	legitimate interest or legal obligation
to serve you relevant offers and ads	location; history of purchases; interests; gender; age; activity in the App; partner ID; device and OS ID (CCPA categories A, B, F, G, and K)	you indirectly provide this information to us and we automatically collect it from your device	your consent
to ensure a consistent experience across your devices	user ID, including third party’s ones; duration of a session; the history of the interaction of the App; data you provided our support team with via “Contact-us” form or a live-chat feature, including, email address, name, content of your request; localization of your device system; type and preferences of your device’s system; your device type; OS type (CCPA categories A, B, D, F, G and K)	we automatically collect from your device	performing of the contract with you
to analyze use of the Services; to improve our Services	gender; age; partner ID; zodiac sign; body shapes data; occupation; Hily tags; relationship status; content placing history; in-app activity logs; friends list; logins/logouts log; duration of sessions; location; type and preference of your device’s system; your device type; OS type; lodged and received complaints	you directly provide this information to us and we automatically collect it from your device (location, type and preferences of your device’s system, your device type, OS type)	legitimate interest
to contact you in order to obtain feedback and to find out if you want to take part in marketing campaigns	name; email address; user ID; data you disclose to us (CCPA categories A and B)	you directly provide this information to us and we automatically collect it from your device (user id)	legitimate interest or consent

5.5. Legal Bases. Legal bases are the grounds set forth by the GDPR on which we may process your data. We rely on following legal bases:

performing of the contract with you — the main legal basis that we use to process your data. It includes mostly everything we do to provide you with services, under our Terms of Use and their appendices. You may restrict us from processing of your data, but please be advised that, in such a case, we will not be able to provide services to you. Please see section 8 to find out more;
legal obligation — we may process your data when we have a legal obligation when it is required by applicable laws, e.g., in order to prevent fraud, assist law protection and enforcement bodies.
Legitimate interest – we have a commercial interest to process with your personal data that is justified, balanced and does not infringe on your privacy (e.g. statistical reporting). Where the legal basis is legitimate interests, you have a right to object to our use of your data. Please see section 8 to find out more;
consent — we may process some of your data when we have your consent to do so. Where the legal basis is consent, you can withdraw consent at any time. Please see section 8 to find out more.
You hereby acknowledge and agree that we may receive your personal data from any third parties (other users, any official bodies, third-party providers, etc.) when you connect your Hily profile with other services, when we receive enquires, court orders, subpoenas, claims, etc..
We do not collect or store full credit card number information, though we may receive credit card-related information to help process future payments and summary information about transactions that do not include credit card or bank account numbers.
From time to time we may start surveys/feedbacks for research purposes and we may contact you to find out if you would like to take part. We may also contact you to find out if you would like to take part in marketing campaigns. Such activities are optional. If you do not wish to be contacted to take part in a survey or marketing campaign, please contact us at [email protected] or via the respective in-App feature. If you do not want to contact us but you also do not want to participate in our activities, please ignore our messages.
Since we rely on your consent to show you personalized ads, you are entitled to revoke your consent anytime and request that we stop using personalized ads towards you. Please contact us at [email protected] to strike off your consent. Meanwhile, if you opt-out of targeted advertising you will still see ads, though they will be less relevant to you.

6. Duration and Location of Processing; Data Transfer

6.1. Data Retention. Your data will be stored within the term of your use of the Services and up to the termination of such use (or upon agreement between you and Hily) which means the deletion, blocking or suspension of your account on the mobile application and the restriction of your further use of the mobile application; we shall terminate the processing of your personal information, unless the special retention period for the storage of such data is set by the relevant legislation at the time.

6.2. Exemptions. In practice, we delete or anonymize your information upon termination of your profile or after two years of your continuous inactivity. There may be special rules applied in case that:

we must hold your data to comply with applicable laws;
we must hold your data to evidence our compliance with applicable laws;
there is an outstanding issue, claim or dispute requiring us to hold the relevant data until it is resolved; or
your data must be kept for our legitimate business interests, such as fraud prevention and enhancing users’ safety and security (see section 6.6 hereof).

6.3. Terms of Deletion. All your data is to be fully erased (or anonymised) within 7 calendar days following deletion of your Hily profile, except:

livestreams records which are being stored up to 7 calendar days following a date of livestream;
in-app features and subscription purchases which are being retained during the term of your subscription and 5 years from the deletion of your user account;
support tickets, emails with our support team and your name (as identified in your email), as part of support tickets data that are being retained during the term of your subscription and 5 years from the deletion of your user account;
hashed email address, phone number, IP address, profile ID (including, Hily ID, Facebook ID, Snapchat ID, Apple ID) and device ID (NOT a device IMEI) associated with banned account which are being retained during the term of your subscription and 5 years from the deletion of your user account owing to our legitimate interest (see section 6.6 hereof);

6.4. Leftovers. When your account is deleted (as well as your data) from the Services, copies of your data may still be viewable, if your data has been previously shared with others, or copied or stored by other users or other third parties. We cannot control this, nor do we accept any liability for this. If you have given third party applications or websites access to your data, they may retain such information to the extent permitted under their own privacy policies.

6.5. Removed and deleted data may be hosted in backup copies for up to 30 days, but will not be available to others in the meantime. We put that backup data ‘beyond use’. At the end of this period, these data will be permanently deleted.

6.6. At all times you are entitled to restrict us to process your data by sending to us a data erasure request or a notice of prohibition to process your data. Please be warned that:

such action prohibits us to process your data and/or makes us delete your data so you will lose your access to the Website and Services;
if your Hily profile is banned, a data erasure request will not release you from prohibition to use Hily Services;
if your profile is blocked, your other Hily profiles may also be blocked as part of our anti-spam and anti-fraud procedures.

6.7. Enforcing of Prohibition to Use Hily. In the event that your profile is blocked, banned or otherwise disabled owing to any violation of applicable law or a violation of the Terms of Use or the provisions of this Policy, you will be prohibited from further creation of new profiles and using the Services again. Accordingly, we will keep on processing data listed in section 6.3(f) hereof (the “technical data”) in order to prevent your further registration and potential violations. Please note that:

the technical data is not subject to erasing under article 17 of the GDPR; hence, we will process it on the basis of our legitimate interest, which is a separate ground of processing;
our legitimate interest does not outweigh your right to privacy, because the way that we use the technical data does not significantly impact your privacy, and we have a compelling reason to do so (recital 47 of the GDPR). This reason is to restrict you from breaching yet another obligation under the Hily’s Terms of Use and potentially harm us or our users.

6.8. Location of Servers; Data Transfer. Our servers are based in the USA and EU, so your data may be processed and hosted outside the EU. We inform you that:

we use EU servers to collect and process EU and UK residents’ data;
we use USA servers to collect and process data of users from the rest of the countries;
if we transfer personal data collected within the EEA to countries with not adequate level of data protection, we use one of the following legal bases: (i) Standard Contractual Clauses approved by the European Commission (details available here (or any new version of contractual clauses issued by a data protection body (if any)) , or (ii) the European Commission adequacy decisions about certain countries (details available here).

7. Tracking Technologies

7.1. Cookies Policy. We use cookies and other tracking technologies to improve your user experience and obtain data about how the website is being used. This data enables us to develop and optimize the Website and make the use of the Services more comfortable for you. Please read out Cookies Policy to find out more.

8. Your Data Privacy Rights

8.1. Being a data subject, you have the following rights:

a right to request access to your data: you can ask us what personal information of yours is being processed, as well as for clarifications on the information described above, i.e. purpose of collecting and processing, period of processing, third parties that have access to information. To exercise this right please contact us at [email protected]. Please find more details in section 10 hereof;
a right to request us to rectify your personal information: you can ask all the inaccurate personal information concerning you been corrected. You can also complete the personal information if you feel there is a need to do so. To exercise this right please contact us at [email protected] or use a specific area of your profile. Additionally, we are happy to note that there is the alternative way to amend your data. You control your Hily profile, so are able to correct or update (other than your mobile number and location (the latter is automatically updated)) your information at any time by just logging in to Hily and using the respective settings;
a right to request us to erase personal information: you can request us to erase such data in the following circumstances: (i) where you believe it is no longer necessary for us to hold that personal data, (ii) where we process it on the basis of your consent and you wish to withdraw your consent, (iii) where we process your personal data on the basis of our legitimate interest and you object to such processing, (iv) where you no longer wish us to use your personal data to solicit you commercially, or (v) where you believe that we are unlawfully processing your personal data. In most cases we will erase it ourselves, unless otherwise required by legislation. To exercise this right please contact us at [email protected];
a right to request us to restrict the processing of your data: for example, (i) if you contest the accuracy of your data being processed or, (ii) if the processing is unlawful and you object to its deletion, (iii) if you believe that we no longer need your data but it is still necessary for the establishment, exercise or defence of legal claims, or (iv) if you have objected to the processing of the data we hold about you. To exercise the right please contact us at [email protected]. Additionally, we are happy to note that there is an alternative way to exercise your right toward geolocation data by yourself. If you have location services enabled, but you desire to turn them off, you can do so by taking the following steps: (i) iPhone App — Settings, Privacy, Location services, Hily; or (ii) Android App — Settings, Location, Hily, Permissions, Location;
the right to object to the processing of your personal data: you have the right to object to the processing of your personal data by our services and we will consider your request. To this purpose, please provide us with details of your reasoning so that we can assess whether there is a legitimate and compelling reason for us to continue processing the data or whether we need to process it for the exercise or defence of our legal rights.
a right to withdraw your consent for the collection and processing of your data by us: you can revoke your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal. To exercise the right please contact us at [email protected];
a right to lodge a complaint with supervisory authority: if you are a UK resident, you have the right to complain to the Information Commissioner’s Office (ICO) whether you have any grievance against the way we collect, use or share your data; and
a right to data portability: you may request to receive the data we hold about you in a structured, commonly used and machine-readable format, and the right to request that we transfer such data to another party (i) if the processing is necessary for the performance of the contract or (ii) if the processing is based on your consent and where the processing is carried out using automated processes. to exercise the right please contact us at [email protected].
The right to give post-mortem instructions: you have the right to set out instructions for the retention, deletion and disclosure of your data after your death.

8.2. We will provide information on action taken on your request related to your rights specified above within one month of receipt of the request, at the longest. That period may be extended by two additional months, if we are overwhelmed by the number of requests. We will inform you of any such extension within one month of receipt of the request, together with the reasons for the delay. Please find more details in article 10 hereof.

9. Notice to California Residents

9.1. California Civil Code, Section 1798.83, also known as the “Shine The Light” law, grants our users who are California residents some specific rights. Section 9 here applies to California consumers only. This section also provides additional details about how we process personal data of California consumers and the rights available to them under the California Consumer Privacy Act.

9.2. You are always welcome to request “.pdf” copy of this Policy or any other integral part of Hily’s Terms of Use (as well as Hily’s Terms of Use themselves); just let us know by sending your request at [email protected].

9.3. We do not sell your data, so no opt-out choice is necessary. It means that we do not sell, rent, release, disclose, disseminate, make available, transfer, or otherwise communicate, in any way, your data to another company for monetary or other valuable consideration.

9.4. You have the right to request, twice within a 12-month period, the following information about the data we have collected about you during the past 12 months:

the categories and specific pieces of data we have collected about you;
the categories of sources from which we collected it;
the business or commercial purpose for which we collected the data;
the categories of third parties with whom we shared the data; and
the categories of data about you that we sold or disclosed for a business purpose, and the categories of third parties to whom we sold or disclosed that information for a business purpose.

9.5. You have the right to request that we delete the data we have collected from you. If you choose to exercise any of your rights under the CCPA, you have the right not to receive discriminatory treatment.

9.6. To submit an access or deletion request, contact us at [email protected]. To help protect your privacy and maintain security, we take steps to verify your identity before granting you access to your data or complying with your request. To the extent permitted by applicable law, we may charge a reasonable fee to comply with your request.

10. Data Subjects’ Access and Erasure Requests

10.1. Method for Submitting Requests. You may exercise your right to file a request to access or delete your data by contacting us at [email protected] or via the App. Only in the event you are California consumer, you may file your request to delete by post to address: Att.: Hily Corp., 3172 North Rainbow Boulevard #1132, Las Vegas, NV 89108, United States of America. If you use mail to submit your request, please specify your email address in your letter.

10.2. Timeframes. In the event you submit your request to us, we will act as follows:

within 10 business days following α confirmation of receipt of your letter, we shall request that you provide us with relevant data for a verification procedure;
if you are a California consumer, we will have 45 calendar days following the date of your request to process your request. In the event of your failure to pass the verification process within 45 calendar days, we may deny your request or prolong the term of processing up to additional 45 calendar days; please be sure that we will notify you about our decision;
if you are an EU or UK user, we will have 30 calendar days following the date that you provide us with the data required for verification to process your request. In the event of your failure to pass the verification process, we may deny your request. We are entitled to prolong the response term up to 2 months by giving you a notification.

10.3. Verification. The most important step is the verification process. We will first check that we have enough information to be sure of your identity. Often, we will have no reason to doubt a person’s identity (if you contact us via the App, for example). However, if we have good grounds to doubt your identity, we may ask you to provide additional evidence we reasonably need to confirm your identity. For example, we may ask you for a piece of information held in your profile that we would expect you to know: your location, last 5 connections, etc. If we have serious doubts about your identity, we may ask you to share with Hily your photo with your ID document or an image of your ID document. In the event you fail the verification process, your request will be rejected.

10.4. Authorized Agent. You, as a California consumer, may assign your agent to submit a request on your behalf. If you desire to use this way, your agent shall provide us with your written authorization. Owing to a sensitive nature of your data, we reserve the right to reject, at any time, requests concerning your data submitted by any third party.

11. Third-Party Websites

11.1. The Services may contain links to websites operated and maintained by third parties, over which we have no control. Privacy policies of such linked websites may be different from this Policy. You access such linked websites at your own risk. Similarly, the Service may be accessed and used by third-party websites that we do not control. We have no control over the privacy policies of such third-party websites, and you access such third-party websites at your own risk.

12. Data Protection; Security

12.1. We incorporate commercially reasonable safeguards to help protect and secure your data. However, no electronic data transmission or storage of information can be guaranteed to be 100% secure. Please note that we cannot ensure or warrant the security of any information you transmit to us, and you use the Service and provide us with your information at your own risk.

12.2. To help protect you and others, we may monitor your use of the Services and use your personal data and/or other information we collect in order to: identify fraudulent activities and transactions, prevent abuse of and investigate and/or prosecute potential threats to or misuse of the Service, ensure compliance with the Terms of Use and this Policy, investigate violations of or enforce these agreements and protect the rights and property of you, Hily, its partners and other customers. This security monitoring may result in the collection, recording, and analysis of online activity or communications through the Services. If you do not consent to these conditions, you must discontinue your use of the Services.

12.3. We regularly monitor our systems for possible vulnerabilities and attacks and regularly review our information collection, storage and processing practices to update our physical, technical and organizational security measures.

12.4. TO THE MAXIMUM EXTENT ALLOWED BY APPLICABLE LAW, WE EXPRESSLY DISCLAIM ANY REPRESENTATION OR WARRANTY, WHETHER EXPRESS OR IMPLIED, WITH RESPECT TO ANY BREACHES OF SECURITY, DAMAGE TO YOUR DEVICE, OR ANY LOSS OR UNAUTHORISED USE OF YOUR REGISTRATION INFORMATION OR OTHER DATA.

13. Reach us Out

13.1. We would be glad to hear from you. If you have any questions regarding this Policy, please contact us at [email protected] or [email protected].