Privacy policy
Astry.ai (hereinafter “we”, “us”, “our” etc.) values the privacy of all of our users and has established this privacy policy (hereinafter the “Privacy Policy”) to show commitment to these rights and to safeguard your privacy. If you (hereinafter “you”, “yours”, etc.) use (i) Astry.ai website (hereinafter the “Website”) or (ii) Astry.ai application (hereinafter the “App”), as well as (iii) pages operated by Astry.ai on social media sites and other platforms, (points (i) - (iii) collectively the “Services”), then we urge you to read this Privacy Policy and become fully informed about how it affects your personal privacy. Please refer to this Privacy Policy to find out how to CONTACT US if you have any questions about the contents herein.
1. WHO WE ARE
Our Services are operated by METALROX LIMITED, EU (the “Data Controller”). Please find more details in the CONTACT US section down below.
If you have any questions about this Privacy Policy, including any requests to exercise YOUR LEGAL RIGHTS, please reach us out using the details set out in the CONTACT US section down below.
2. WHEN YOU ACCEPT THIS PRIVACY POLICY
By using our Services, you are accepting the conditions set out in this Privacy Policy and the related Terms of Use Agreement.
3. AGE RESTRICTION
Persons under 18 years of age are not allowed to use our Services, as they are not targeted at persons under the age of 18. Any personal data we receive from users we believe to be aged 18 or under will be removed from our database.
If you believe that we have collected, used or disclosed personal data of a person under the age of 18 (or the age of majority in your jurisdiction), please contact our support team via the CONTACT US section down below so that we can take appropriate action.
4. WHAT DATA WE COLLECT AND HOW
We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:
INFORMATION YOU PROVIDE TO US
When you register, use or subscribe to our Services or take part in any interactive features of the Services (such as any games, promotions, quizzes, surveys, research or other services or features), we may collect a variety of information, including:
- Contact Information such as your name and email address (“Contact Data”).
- Other information such as your interests, moods, emotions, activities, photos, and any information derived from them (collectively “Extended Data”), and any other information you share during the use of our Services.
INFORMATION ABOUT HOW YOU USE OUR SERVICES
We may collect information about your participation and actions during your use of our Services. This may include personal journal input, favorite affirmations and any information derived from them (collectively “Usage Data”).
IF YOU FAIL TO PROVIDE PERSONAL DATA: Where you do not provide
Where you do not provide the personal data detailed in this Privacy Policy, you may not be able to use our Services.
5. HOW WE USE YOUR PERSONAL DATA
Generally, we may use your personal data in the following circumstances:
- Where we need to perform the contract we are about to enter into or have entered into with you for the Services.
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
- Where we need to comply with a legal or regulatory obligation.
Unless specifically mentioned, we do not use your personal data for any other reason. We will never sell your personal data to a third party, and we will never give a third party access to your personal data, except as may be provided in our Terms of Use Agreement, this Privacy Policy or unless required to do so by law.
PURPOSES FOR WHICH WE WILL USE YOUR PERSONAL DATA
We have set out in the table below a description of the ways we plan to use your personal data, and which of the legal grounds we rely on to do so. Please CONTACT US if you need details about the specific legal ground we are relying on to process your personal data where more than one legal ground has been set out in the table below.
| Purpose/Activity | Type of personal data | Legal grounds for processing personal data |
|---|---|---|
| To register you as a new member | (a) Contact Data | (a) Performance of a contract with you |
| To provide the Services to you, including: maintaining a profile, answering questions, advice from mentors, and providing information about yourself |
(a) Contact Data (b) Extended Data (c) Usage Data |
(a) Performance of a contract with you |
| To use data analytics to improve our Services and products, marketing, customer relationships and experiences |
(a) Contact Data (b) Extended Data (c) Usage Data |
Necessary for our legitimate interests, such as: to define types of customers for our products and services, to keep our Services updated and relevant, to develop our business and to inform our marketing strategy. |
| To respond to requests from law enforcement authorities |
(a) Contact Data (b) Extended Data (c) Usage Data |
Necessary to comply with our legal obligations |
MENTORS
If you choose so, you may share your mood with mentors. In that case you may share some of your personal and sensitive data with the mentor. We carefully select the mentors for our Services and they are bound by certain legal and ethical restrictions, but please note that the mentors do not provide any professional or medical advice and please treat the mentor as a good friend, not a therapist. Mentors are not employed with or represent us and we bear no liability for any actions of the mentor.
AGGREGATED DATA
We may create aggregated data for internal use or for improving Services and creating new features. Aggregated data is anonymous and is not linked to any personal data. Aggregated information helps understand trends and customer needs so that new products and services can be considered and so existing products and services can be tailored to customer desires. We may share such aggregated data with our partners, without restriction, on commercial terms that we can determine in our sole discretion.
AUTOMATED DECISION MAKING
Automated Decision-Making (“ADM”) is when a decision is made solely on automated processing (including profiling) which produces legal effects or significantly affects an individual. Generally, ADM is prohibited when a decision has a legal or similar significant effect on an individual unless (a) you provide us with your consent, (b) ADM is authorized by law or (c) ADM is necessary for the performance of or entering into a contract.
We use ADM for:
- recommending App features and communication topics to you.
If you believe that ADM acted inappropriately or want to be serviced by a human, please CONTACT US.
MARKETING
We strive to provide you with choices regarding certain personal data uses, particularly around marketing and advertising. Where you have interacted with us, we will send you marketing communications from time to time. Such marketing communications are usually sent by email or text (SMS). If you do not want to receive marketing communications, please refer to the “unsubscribe” link in the communication we send to you.
When you receive communications from Us, including marketing communications, we may share your personal data with third party companies who help us conduct marketing activities. For example, we may use a third party to help us send email messages to you and help us understand how you have interacted with that email.
You hereby agree that we may at our own discretion use any available channels of communication (including, but not limited to Email, phone, sms, push notifications, Whatsapp, Facebook, Wechat, QQ and any other messengers) for customer support and/or marketing purposes if you have provided us with such. You may at any time withdraw your consent on such communication by contacting our support team via CONTACT US link down below.
CHANGE OF PURPOSE
We will generally only use your personal data for the purposes for which we collected it. If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
6. DISCLOSURES OF YOUR PERSONAL DATA
OUR SERVICE PROVIDERS AND STAFF
The personal data processing is carried out using computers and/or IT enabled tools, following organizational procedures and modes strictly related to the purposes indicated. In addition to the Data controller, in some cases, the personal data may be accessible to certain types of persons in charge, involved with the operation of our Services (administration, sales, marketing, legal, system administration) or external parties (such as third party technical service providers, mail carriers, hosting providers, IT companies, communication agencies) appointed, if necessary, as data processors by the Data controller.
We may share your personal data you provide to us with specially selected service providers who assist us in delivering the products and services we offer for the sole purpose of providing the services or when we consider their services or products to be of interest to you. These service providers must adhere to strict confidentiality and data transfer obligations in a way that is consistent with this Privacy Policy and the agreements we enter into with them. We may cooperate with external service providers to:
- oversee a customer personal data database;
- help us in sending out emails, sms (message and data rates may apply) and presents;
- help us with direct marketing;
- assist us with storage and data analysis;
- prevent from fraudulent activities;
- help us in maintaining, developing and improving our systems/websites/applications/services;
- collect payments.
TRANSFER OF BUSINESS
We may transfer or share a copy of your personal data in cases where the Data Controller or one of its properties, affiliates, or subsidiaries is part of a business transition, such as a merger, being acquired by another company, or selling part of its assets, or in the event of bankruptcy, dissolution, divestiture or any related or similar proceedings.
LEGAL DEFENSE
We may share your personal data to, in our discretion, (i) satisfy any applicable law, regulation, subpoena/court order, legal process or other government request, (ii) enforce our Terms of Use Agreement, including the investigation of potential violations thereof, (iii) investigate and defend ourselves against any third party claims or allegations, (iv) protect against harm to the rights, our property or safety, our users or the public as required or permitted by law and (v) detect, prevent or otherwise address criminal (including fraud or stalking), security or technical issues.
INTERNATIONAL TRANSFERS
We may share personal data internally within Data Controller’s subsidiary, affiliated and partner companies or with third parties for purposes described in this Privacy Policy. Personal data collected within the European Economic Area (“EEA”) may, for example, be transferred to countries outside of the EEA for the purposes as described in this Privacy Policy. We utilize standard contractual clauses approved by the European Commission, adopt other means under European Union law (such as, where applicable, corporate binding rules), and obtain your consent to legitimize data transfers from the EEA to Japan, the United States and other countries.
7. HOW LONG WILL WE KEEP YOUR PERSONAL DATA
We will retain your personal data for as long as necessary to fulfill the purposes we collected and/or processed it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
The Personal data is processed at the Data controller’s operating offices and in any other place where the parties involved with the processing are located. We also retain backups of the Services, including your personal data, on a rolling basis according to our internal data retention, disaster recovery, and business continuity policies. Our backups are stored off-site in the European Union, United Stated and other countries where we operate, in secure facilities in order to help ensure the protection of your personal data, and the Services.
EXCEPTIONS
We retain blacklists of fraudulent activity or security threats indefinitely in order to protect the security of our Services and your personal data. We share these blacklists with third party service providers in order to continue to improve the security of our Services and your personal data.
In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research, statistical or other purposes in which case we may use this information indefinitely without further notice to you.
DATA DELETION REQUESTS
If you wish to delete personal data we have collected during your use of our Services, you should send a request to our support team via CONTACT US link down below. Processing of your request will take some time to take effect. Thank you for your patience.
Please note that changing or deleting your personal data will only change or delete the data in our database for the purposes of future activities and for managing future communications.
We may keep your personal data, subject to the requirements of the law and legitimate interests of the Data Controller, please refer to the HOW WE USE YOUR PERSONAL DATA section above for further details. In case of your request to delete all your personal data, you agree that your email will be stored in our database to avoid creation of duplicate accounts and for identification purposes. The email will not be used in marketing activities.
Please note that, even after termination of membership and deletion of any personal data, as well as termination of any license granted hereunder, some content may continue to exist because of cached internet pages beyond our control.
8. YOUR LEGAL RIGHTS
RIGHTS OF EU USERS
If you are located in the European Union, as data subject (a person whose personal information is collected, stored and processed) you have several rights under General Data Protection Regulation (“GDPR”):
- You have the right to obtain confirmation if your personal information is being processed by us. If
that is the case, you can access your personal information and the following information:
- the purposes of the processing;
- the categories of personal information;
- to whom the personal information have been or will be disclosed;
- the envisaged period for which the personal information will be stored, or the criteria used to determine that period.
If you would like to have a copy of your personal information from us, we will provide it only in case: (1) you will prove your identity, (2) it will not adversely affect the rights and freedoms of others.
- You have the right to demand that we erase your personal information, and we shall erase it without
undue delay where one of the following grounds applies:
- this personal information is no longer necessary in relation to the purposes for which they were processed;
- you withdraw consent if the processing was based on your consent, and where there is no other legal ground for the processing;
- you object to the processing and there are no overriding legitimate grounds;
- your personal information has been unlawfully processed;
- your personal information has to be erased for compliance with a legal obligation.
- You have the right to receive your personal information which you provided us with in a structured,commonly used and machine-readable format and have the right to transmit those data to another company, where: (a) the processing is based on your consent or on a contract; and (b) the processing is carried out by automated means.
- You have the right to withdraw your consent for processing of your personal information at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
- You have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of your personal information infringes GDPR.
You can exercise the above rights by contacting our support team via the CONTACT US section down below.
RIGHTS OF CALIFORNIA USERS
If you are located in California, USA, the California Consumer Privacy Act (“CCPA”) gives you the right to exercise the following rights:
-
Right to know and access. You may submit a verifiable request for information regarding the:
- categories of personal information we collect, use or share;
- purposes for which categories of personal information are collected or used by us;
- categories of sources from which we collect personal Information; and
- specific pieces of personal information we have collected about you.
- Right to equal service. We will not discriminate against you if you exercise your privacy rights.
- Right to delete. You may submit a verifiable request to close your account and we will delete personal information about you that we have collected.
In order to verify your identity when you make a request, you will be required to log in to your password-protected account or respond to an email verification request.
You have a right to tell us that you do not want us to share your personal information with third parties, apart from the permitted share under this Privacy Policy and CCPA. We hereby inform you that we do not sell the personal Information of our users or share it in exchange for any value to any parties. We only share your personal information in manners and for purposes described above, which include solely business purposes.
Under CCPA, you can appoint an authorized agent to make the requests for exercising the rights above on your behalf. In order to do this, we will ask you to verify the request directly via email.
Under CCPA we are bound to disclose to you what categories of personal information we collect, how and when we share it. You can find this information in sections WHAT DATA WE COLLECT AND HOW and HOW WE USE YOUR PERSONAL DATA of this Privacy Policy.
The CCPA also requires us to disclose certain metrics about the various requests we get, such as how many specific requests we received from California residents in the last calendar year. You can request for us to provide the said metrics via the CONTACT US section down below.
RIGHTS OF VIRGINIA USERS
If you are located in Virginia, USA, the Virginia Consumer Data Protection Act (“VCDPA”) gives you the right to exercise the following rights:
- To confirm whether or not the Data Controller is processing your personal data and to access such personal data;
- To correct inaccuracies in your personal data, taking into account the nature of the personal data and the purposes of the processing of your personal data;
- To delete personal data provided by or obtained about your;
- To obtain a copy of your personal data that you previously provided to the Data Controller in a portable and, to the extent technically feasible, readily usable format that allows you to transmit the data to another controller without hindrance, where the processing is carried out by automated means; and
- To opt out of the processing of your personal data for purposes of (i) targeted advertising, (ii) the sale of personal data, or (iii) profiling in furtherance of decisions that produce legal or similarly significant effects concerning you.
In order to verify your identity when you make a request, you will be required to log in to your password-protected account or respond to an email verification request.
We hereby inform you that we do not sell the personal Information of our users or share it in exchange for any value to any parties. We only share your personal information in manners and for purposes described above, which include solely business purposes.
You can find what categories of personal information we collect, how and when we share it in sections WHAT DATA WE COLLECT AND HOW and HOW WE USE YOUR PERSONAL DATA of this Privacy Policy.
RIGHTS OF JAPAN USERS
If you are located in Japan, you shall have the right to object at any time to the processing of personal data for direct marketing purposes. You have the right to submit a complaint with the Personal Information Protection Commission if you consider that the processing of your personal information infringes The Act on the Protection of Personal Information (“APPI”). You can exercise the above rights by contacting our support team via the CONTACT US section down below.
9. CONTACT US
Your Data Controller’s contact information is: METALROX LIMITED, Reg no. HE 431218, Kadmou, 4, S.I. OLYMPIA BUSINESS CENTER, Agios Andreas, 1105, Nicosia, Cyprus.
Please send all the requests, including exercise of rights for Japan, EU, US and other users regarding personal data, as well as communications, inquiries, clarifications and provision of information to our support team via email at [email protected].
10. MISCELLANEOUS
YOUR LIABILITY
You hereby confirm and guarantee that you will never generate any databases, websites, software, legal entities and services that compete with our Services. Such behavior will be fully investigated, and necessary legal action will be carried out, including, without limitation, civil, criminal, and injunctive redress.
We reserve the right to replace, modify or amend this Privacy Policy at our own discretion. It is your responsibility to review this page and check for any Privacy Policy updates. Please note the latest modification date at the bottom of the Privacy Policy.
Last modified: 14/02/2024