Your privacy and the protection of your personal data are a priority for us. We therefore ask you to read carefully our Privacy and Data Protection Policy where we describe who we are, for what purposes we treat your personal data, how we treat it, with whom we share it, for how long we keep it, and how you can exercise your rights.

OmoLab komunikacije d.o.o., located at Avenija Dubrovnik 15/12, 10000 Zagreb, Croatia („OmoLab“, “we”, „our“), hereby undertakes to protect personal data of users of the  Omoguru web and mobile application (Services). Any personal data we gather is used to aid the provision of our products/services. All personal information collected is safely stored and available only to employees whose jobs require access to such information. All OmoLab employees are under obligation to respect the principles of privacy protection. At OmoLab, we have a few fundamental principles:

• We are thoughtful about the personal information we ask you to provide and the personal information that we collect about you through the operation of our services.
  
  
• We store personal information for only as long as we have a reason to keep it.
  
  
• We help protect you from overreaching government demands for your personal information.
  
  
• We aim for full transparency on how we gather, use, and share your personal information.

We only collect and use the information about you for the purposes:

• To provide our Services. For example, to set up and maintain your account, provide customer service, process payments, and orders, and verify user information.
  
  
• To ensure quality, maintain safety, and improve our Services. For example, by providing automatic upgrades and new versions of our Services. Or, for example, by monitoring and analyzing how users interact with our Services so we can create new features that we think our users will enjoy and that will help them to learn and read more easily, as well as making predictions about user retention.
  
  
• To protect our Services, our users, and the public. For example, by detecting security incidents; detecting and protecting against malicious, deceptive, fraudulent, or illegal activity; fighting spam; complying with our legal obligations. To fix problems with our Services. For example, by monitoring, debugging, repairing, and preventing issues. This means we collect information about the actions that site administrators and users perform on a site.
  
  
• To customize the user experience. For example, to personalize your experience by serving you relevant notifications and content. This means, for example, we collect information when you create or make changes, such as what font, size, thickness, background color and which features you use.
  
  
• To communicate with you. For example, by emailing you to ask for your feedback, share tips for getting the most out of our products, or keep you up to date on Omoguru.
  
  
• Location information: We may determine the approximate location of your device from your IP address. We collect and use this information to, for example, calculate how many people visit our Services from certain geographic regions.
  
  
• Stored information: We may access information stored on your mobile device via our mobile app. We access this stored information through your device operating system’s permissions. For example, you give us permission to access the photographs on your mobile device’s camera roll to convert photos to text documents.

A note here for those in the European Union about our legal grounds for processing information about you under EU data protection laws, which is that our use of your information is based on the grounds that:

(1) The use is necessary in order to fulfill our commitments to you under the applicable terms of service or other agreements with you or is necessary to administer your account — for example, in order to enable access to our website on your device or charge you for a paid plan; or

(2) The use is necessary for compliance with a legal obligation; or

(3) The use is necessary in order to protect your vital interests or those of another person; or

(4) We have a legitimate interest in using your information — for example, to provide and update our Services; to improve our Services so that we can offer you an even better user experience; to safeguard our Services; to communicate with you; to measure; to monitor and prevent any problems with our Services; and to personalize your experience; or

(5) You have given us your consent — for example before we place certain cookies on your device and access and analyze them later on, as described in our Cookie Policy.

Your personal data will be processed in accordance with the terms and provisions of the General Data Protection Regulation- Regulation (EU) 2016/679 of the European Parliament and the Council of 27 April 2016 (GDPR).

• We share information about you in limited circumstances, and with appropriate safeguards on your privacy.
  
  
• We may disclose information about you to our subsidiaries and independent contractors who need the information to help us provide our Services or process the information on our behalf. We require our subsidiaries and independent contractors to follow this Privacy Policy for any personal information that we share with them.
  
  
• Third-party vendors: We may share information about you with third-party vendors who need the information in order to provide their services to us. This includes vendors that help us provide our Services to you (like payment providers that process your credit and debit card information, payment providers you use for your own ecommerce operations, fraud prevention services that allow us to analyze fraudulent payment transactions, cloud storage services, postal and email delivery services that help us stay in touch with you).
  
  
• Aggregated or de-identified information: We may share information that has been aggregated or de-identified, so that it can no longer reasonably be used to identify you. For instance, we may publish aggregate statistics about the use of our Services.
  
  
• Your information, which we receive when you use our services, may be transferred to and from the United States, the EU and other countries we may operate in. In some of those countries, the privacy and data protection laws and rules on when the data may be accessed may differ from those in the country where you live. As such, we ensure an adequate level of protection for the rights of the data subjects based on adequacy of the receiving country’s data protection laws, contractual obligations placed on the recipient of the data or other legal bases to lawfully transfer personal data around the world, the EU-US Privacy Shield or EU Commission approved model contractual clauses.

• We generally discard information about you when it is no longer needed for the purposes for which we collect and use it and we’re not legally required to keep it.
• Your personal data will be anonymised or deleted if your last interaction with our Services was over 5 years ago.

• While no online service is 100% secure, we work very hard to protect information about you against unauthorized access, use, alteration, or destruction, and take reasonable measures to do so.
  
  
• We monitor our Services for potential vulnerabilities and attacks.
  
  
• The processing of personal data shall only occur under instructions from Omoguru or a certified and allowed third party, unless a natural or legal person is required to so by law.
  
  
• We ensure reasonable efforts to check that the consent given is in line with the law, namely concerning the consent to process children’s data.

You have several choices available when it comes to information about you:

• Limit the information that you provide: If you have an account with us, you can choose not to provide the optional account information or profile information.
  
  
• Your mobile device operating system should provide you with the option to discontinue our ability to collect stored information from our mobile app. If you choose to limit this, you may not be able to use certain features, like OCR.
  
  
• Close your account: You can close your account if you no longer want to use our Services. Please keep in mind that we may continue to retain your information after closing your account, as described in How Long We Keep Information above — for example, when that information is reasonably needed to comply with (or demonstrate our compliance with) legal obligations such as law enforcement requests, or reasonably needed for our legitimate business interests.

If you are located in certain parts of the world, including California and countries that fall under the scope of the European General Data Protection Regulation (aka the “GDPR”), you may have certain rights regarding your personal information, like the right to request access to or deletion of your data.

European General Data Protection Regulation (GDPR)

If you are located in a country that falls under the scope of the GDPR, data protection laws give you certain rights with respect to your personal data, subject to any exemptions provided by the law, including the rights to:

• Request access to your personal data, as well as to the purposes of the processing, the category of the data, the recipients, the intended storage period and the existence or otherwise of automated decisions, including the definition of profiles;
  
  
• Request correction or deletion of your personal data, if they are inaccurate or incomplete;
  
  
• Object to our use and processing of your personal data, whenever it is no longer necessary for the purposes for which it was processed, whenever consent is withdrawn when this is the only legal basis for the processing, whenever you object to the processing in cases where it is done for the purposes of direct marketing, or whenever your data have been processed unlawfully;
  
  
• Request that we limit our use and processing of your personal data, whenever you contest the accuracy of your personal data and during the period of time in which we verify the accuracy of such data, whenever the processing is illicit and in the circumstance that you have opposed the erasure of the data, wanting only the limitation of its use, or whenever your personal data are no longer necessary for the purposes for which they were processed, but are nevertheless required by you for the purpose of declaration, exercise or defense of a right in a legal proceeding;
  
  
• Request portability of your personal data, which means that you have the right to receive the personal data concerning you and that you have provided to us in a structured, commonly used and automatically readable format, and also the right to pass on such data to another controller;
  
  
• You also have the right to make a complaint to a government supervisory authority.
  
  

If you are a California resident, you have additional rights under the CCPA, subject to any exemptions provided by the law, including the right to:

• Request to know the categories of personal information we collect, the categories of sources from which the information came, the categories of third parties we share it with, and the specific pieces of information we collect about you;
  
  
• Request deletion of personal information we collect or maintain;
  
  
• Opt-out of any sale of personal information; and
  
  
• Not receive discriminatory treatment for exercising your rights under the CCPA.
  
  

When you contact us about one of your rights under this section, we’ll need to verify that you are the right person before we disclose or delete anything. For example, if you are a user, we will need you to contact us from the email address associated with your account. You can also designate an authorized agent to make a request on your behalf by giving us written authorization. We may still require you to verify your identity with us.

You should note that in certain cases (e.g. due to legal requirements), your request may not be fulfilled immediately. In any case, you will be informed without delay about the reasons why we did not comply with your request.

Protecting the privacy of children is especially important. The Children’s Online Privacy and Protection Act requires that online service providers obtain parental consent before they knowingly collect personally identifiable information online from children in the United States of America who are under 13.

According to article 8 of GDPR, where the child is below the age of 16 years, such processing shall be lawful only if and to the extent that consent is given or authorised by the holder of parental responsibility for the child.

Omuguru fully respects the role of parents or guardians in the monitoring of their children’s online activities. Accordingly, Omuguru limits its collection of personal information from children to no more than is reasonably necessary to participate in the Services and to improve it going forward. Omuguru does not collect any Personal Data from children other than as set out in the Agreement, and we reserve the right to refuse to Process data supplied by the Customer that is in violation of this clause. This Clause applies only if the contracting Party to the Agreement is Exponea with its registered seat in the United States of America.

If you consider that, in the course of processing your personal data, we committed any violation of the European Regulation on data protection and privacy, please do not hesitate to contact us at info@omolab.com. Additionally, you can file a complaint with your Personal Data Protection Agency.

The information in our Privacy and Data Protection Policy can be updated at any time, so we recommend that you consult this page regularly. Whenever our Privacy and Data Protection Policy changes, you will be informed when you visit our website.