top of page

Privacy Policy

Last updated: 4th August 2023

Welcome to Marbles CBT. I know that the handling of your personal data is important to you. For this reason, we (that is me, Omri Sadeh, as the data controller, and the third parties acting on my behalf) take the greatest possible care when handling your personal data and thus ensure a high level of data security. We respect the personal rights of our users and are aware of the importance of protecting the personal data we receive from you.

 

This Privacy Policy contains information about our data protection provisions and measures as well as the rights to which you are entitled within the framework of Israel’s Protection of Privacy Law, 5741-1981 (“PPL”) and the General Data Protection Regulation (“GDPR”).

 

The Controller

The controller within the meaning of the PPL and the GDPR for the processing of personal data is Marbles CBT (Omri Sadeh) of Tel-Aviv, Israel and email marbles.cbt@gmail.com. If you have any questions about the processing of your personal data, as well as your rights regarding data protection, please contact me.

 

Where this privacy policy Applies

This privacy policy Applies to the Marbles CBT App (“the App”). When the word “we” is used, it describes the controller (me) and includes the relevant service providers that help me to make the App available to you. When designing the App, we have made sure that as little as possible information that directly identifies you is collected.

 

As however some countries including Israel and the European Union, have a broad definition of personal data this policy covers it. In this sense we would need to first of all explore the definition of personal data.

 

"Personal data" means any information relating to an identified or identifiable natural person (hereinafter "data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g., cookie) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

 

Legal bases for processing

The processing of your personal data may be based on the following legal grounds:

 

  • consent serves as our legal basis for processing operations where we obtain your consent for a specific processing purpose.

  • contract, insofar as the processing of personal data is necessary for the performance of a contract, e.g., if you use the App. The same applies to such processing operations that are necessary for the performance of pre-contractual measures, for example in the case of enquiries about the App.

  • legal obligation, insofar as we are subject to a legal obligation that requires the processing of personal data, such as for the fulfilment of tax obligations.

  • legitimate interest, applies on the basis of our legitimate interests, e.g., when using service providers as part of the App. Our interest is directed towards the use of a user-friendly, appealing, and secure presentation as well as optimization of the App, which serves our business interests as well as meeting your expectations.

 

Installation of the App

The Marbles CBT App can be downloaded from the "Google Playstore" and "Apple App Store". Downloading the App may require prior registration with the respective App store and/or installation of the respective App store software.

 

a) App installation via the Google Playstore

You can use the Google service "Google Play" of Google Inc, 1600 Amphitheatre Parkway Mountain View, CA 94043, US, if you are resident outside the EU and Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland if you are a resident within the EU, to install the App. As far as we are aware, Google collects and processes the following data:

 

  • License check,

  • network access,

  • network connection,

  • WLAN connections, and

  • location information.

 

It cannot be ruled out that Google also transmits the information to a server in a third country. We cannot influence which personal data Google processes with your registration and the provision of downloads in the respective App store and App store software. The responsible party in this respect is solely Google as the operator of the Google Play Store.

 

b) App installation via the Apple App Store

You can use the Apple App service "App Store" a service of Apple Inc., 1 Infinite Loop, Cupertino, CA 95014, US, if you are resident outside the EU and Apple Distribution International Ltd, Hollyhill Industrial Estate, Hollyhill Ln, Knocknaheeney, Cork, Ireland, if you are a resident within the EU, to install the App. As far as we are aware, Apple collects and processes the following data:

 

  • device identifiers,

  • IP addresses, and

  • location information.

 

It cannot be excluded that Apple also transmits the information to a server in a third country. This could in particular be Apple Inc. One Apple Park Way, Cupertino, California, USA, 95014. We cannot influence which personal data Apple processes with your registration and the provision of downloads in the respective App store and App store software. The responsible party in this respect is solely Apple as the operator of the Apple App Store.

 

Device information

We collect information from and about the device(s) you use to access the App, including hardware and software information such as IP address, device ID and type, device-specific and App settings and properties, App crashes, information about your wireless and mobile network connection such as your service provider and signal strength; information about device sensors such as accelerometer, gyroscope and compass.

 

Registration

When you start the App for the first time, you will be asked to register. The following information is requested for this purpose:

 

  • your nickname,

  • your email address, and

  • your password.

 

Alternatively, you can create an account using either Apple, or Google Connect. When registering via connect functions of third-party providers, you agree to the respective terms and conditions of these third-party providers and also consent to certain data from your respective profile of being transferred to us.

 

Starting the App

Every time you start the App, your data is synchronized, and your device communicates with our server through a signed token. The data is in particular, your device and your registration information. The transmission takes place automatically and is a prerequisite for the secure functioning of the App and is therefore mandatory.

 

Push Notifications

To ensure the full functionality of the App, we ask for your permission to access the Push notifications feature of your device. If you have enabled push notifications in the settings of your device, we can send you messages directly to your device and inform you about news, updates, and changes to our services. You can adjust or stop receiving push messages at any time via the device settings of your device.

 

When you contact me

If you contact me, your transmitted personal data will be automatically stored for the purpose of processing the request or contacting you. I delete the data accruing in this context after the storage is no longer necessary for the processing of your request or restrict the processing if there are legal retention obligations.

 

In App Purchases

When you order a feature in the App or subscribe, we may collect the following data from you to process the desired order:

 

  • IOS or Google user ID

  • Email address

  • Payment confirmation from the payment data collected by Google Play Services and Apple Game Center depending on the payment method;

  • Device IP and device serial number to link the story history to the device.

 

How we use information?

The main reason we use your data is to deliver and improve our services as follows:

 

  • To administer your account and provide our services to you;

  • Create and manage your account;

  • Provide you with customer support and respond to your requests;

  • Complete your transactions;

  • Communicate with you about our services;

  • Analyze your profile, activity on the service;

  • Communicate with you;

  • To improve our services and develop new ones;

  • Conduct research and analysis of users’ behavior to improve our services and content (for instance, we may decide to change the look and feel or even substantially modify a given feature based on users’ behavior);

  • Develop new features and services;

  • To prevent, detect and fight fraud or other illegal or unauthorized activities;

  • Address ongoing or alleged misbehavior;

  • Perform data analysis to better understand and design countermeasures against fraudulent activities;

  • Retain data related to fraudulent activities to prevent against recurrences;

  • To ensure legal compliance;

  • Assist law enforcement; and

  • Enforce or exercise our rights.

 

How do we use your data to improve the Marbles CBT App?

We analyze the use of the App anonymously in order to better understand and optimize the behavior when using our services. For that purpose we use Segment, an analytics service provided by Segment.io operated by Twilio Inc.'s of 101 Spear Street, First Floor, San Francisco, California, 94105, United States and Amplitude, an analytics service provided by Amplitude Inc. 631 Howard St. Floor 5. San Francisco, CA 94105, USA, to better understand and optimize behavior when using our services.

 

Where do we store your data?

The App uses Firebase Cloud Storage of Google Inc, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA.

 

How long do we store your data?

We keep your personal data only as long as we need it for legitimate business purposes and as permitted by Applicable law. To protect the safety and security of our users on and off our services, we implement a safety retention window of three months following account deletion. During this period, account information will be retained although the account will of course not be visible on the services anymore.

 

In practice, we delete or anonymize your data upon deletion of your account (following the safety retention window), unless:

 

  • we must keep it to comply with Applicable law (for instance, some “traffic data” is kept for one year to comply with statutory data retention obligations);

  • we must keep it to evidence our compliance with Applicable law (for instance, records of consents to our Terms, Privacy Policy and other similar consents);

  • there is an outstanding issue, claim or dispute requiring us to keep the relevant information until it is resolved; or

  • the information must be kept for our legitimate business interests, such as fraud prevention and enhancing users’ safety and security. For example, information may need to be kept preventing a user who was banned for unsafe behavior or security incidents from opening a new account.

 

Keep in mind that even though our systems are designed to carry out data deletion processes according to the above standards, we cannot promise that all data will be deleted within a specific time-frame due to technical constraints.

 

How do we protect your data?

We work hard to protect you from unauthorized access to or alteration, disclosure, or destruction of your personal data. As with all online technology, we take steps to secure your data, however we do not promise, and you should not expect, that your personal data will always remain secure.

 

We regularly monitor our systems for possible vulnerabilities and attacks and regularly review our information collection, storage, and processing practices to update our physical, technical and organizational security measures.

 

We may suspend your use of all or part of the services without notice if we suspect or detect any breach of security. If you believe that your account or information is no longer secure, please notify me immediately.

 

How we share your data?

We may disclose your personal data to third parties:

 

  • for the purposes of providing services that you request from us, fulfilling our obligations arising from any contracts entered into between you and us, processing payments in connection therewith or otherwise in connection with your use of the App;

  • in the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets; or

  • if we or substantially all of our shares or assets are acquired by a third party, in which case Personal Data held by us about our customers will be one of the transferred assets.

 

We may also disclose your personal data to a governmental or regulatory body, law enforcement, or other authorities, in order to enforce our terms of use for the App, to cooperate with any direction, request or order from such parties or to report any suspected unlawful activity.

 

How can I update my data?

If you believe that the information, we hold about you is inaccurate or that we are no longer entitled to use it and want to request its rectification, deletion, or object to its processing, please do so within your user account or by contact me. For your protection and the protection of all of our users, we may ask you to provide proof of identity before we can answer the above requests.

 

Keep in mind, we may reject requests for certain reasons, including if the request is unlawful or if it may infringe on trade secrets or intellectual property or the privacy of another user. Also, we may not be able to accommodate certain requests to object to the processing of personal data, notably where such requests would not allow us to provide our service to you anymore.

 

Obligation to provide personal data

You are not obliged to provide us with personal data. However, depending on the individual case, the provision of certain personal data may be necessary for the provision of the above services. If you do not provide us with this personal data, we may not be able to provide the service.

 

Uninstall

You can stop all information collection by the App by uninstalling it using the standard uninstall process for your device. If you uninstall the App from your mobile device, the unique identifier associated with your device will continue to be stored. If you re-install the App on the same mobile device, we will be able to re-associate this identifier to your previous transactions and activities.

 

Accountability

In certain countries, including in the European Union, you have a right to lodge a complaint with the appropriate data protection authority if you have concerns about how we process your personal information. The data protection authority you can lodge a complaint with notably may be that of your habitual residence, where you work or where we are established.

 

Automated individual decision-making including profiling

We do not make automated decisions in individual cases, including profiling.

 

Accuracy

It is important that the data we hold about you is accurate and current, therefore please keep us informed of any changes to your personal data.

 

What are your rights?

Please contact me at any time with questions and suggestions regarding data protection and to enforce your rights as a data subject. These rights are standardized in the PPL and the GDPR. This includes:

 

  • the right to information,

  • the right to erasure,

  • the right to rectification,

  • the right to data portability,

  • the right to restriction of data processing,

  • the right to object to data processing.

 

To assert these rights, please contact me.

 

When you send a data subject access request

The legal basis for the processing of your personal data in the context of handling your data subject access request is our legal obligation and the legal basis for the subsequent documentation of the data subject access request is both our legitimate interest and our legal obligation.

 

The purpose of processing your personal data in the context of processing data when you send a data subject access request is to respond to your request. The subsequent documentation of the data subject access request serves to fulfil the legally required accountability.

 

Your personal data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. In the case of the processing of a data subject access request, this is three years after the end of the respective process.

 

You have the possibility at any time to object to the processing of your personal data in the context of the processing of a data subject access request for the future. In this case, however, we will not be able to further process your request. The documentation of the legally compliant processing of the respective data subject access request is mandatory. Consequently, there is no possibility for you to object.

 

Note on data transfer to the USA

Amongst other things, tools from companies based in the USA are integrated in the App. If these tools are active, your personal data may be transferred to the US servers of the respective companies. We would like to point out that the USA is not a safe third country in the sense of Israel or EU data protection law. US companies are obliged to hand over personal data to security authorities without you as a data subject being able to take legal action against this. It can therefore not be ruled out that US authorities (e.g., intelligence services) process, evaluate and permanently store your data located on US servers for monitoring purposes. We have no influence on these processing activities.

 

Data Breaches/Notification

Databases or data sets that include Personal Data may be breached inadvertently or through wrongful intrusion. Upon becoming aware of a data breach, we will notify all affected individuals whose Personal Data may have been compromised, and the notice will be accompanied by a description of action being taken to reconcile any damage as a result of the data breach. Notices will be provided as expeditiously as possible after which the breach was discovered.

 

Children’s Privacy

Our services are restricted to users who are 18 years of age or older. We do not permit users under the age of 18 on our platform and we do not knowingly collect personal information from anyone under the age of 16. If you suspect that a user is under the age of 18, please contact me.

 

Changes

Because we’re always looking for new and innovative ways to help you build meaningful connections, this policy may change over time. We will notify you before any material changes take effect so that you have time to review the changes.

bottom of page