Privacy Policy
Last Updated April 30, 2026
Andor Communications Private Limited (“we” or “us” or “our”) respects the privacy of our
users (“user” or “you”). We
are very delighted that you have shown interest in our app. Data
protection is of a particularly high priority for the
management of the Andor Communications
Private Limited. This Privacy Policy explains how we
collect, use, disclose, and safeguard your
information when you use our mobile application.
Please read this Privacy Policy carefully.
Andor Communications Pvt. Ltd built the AI Leap application (hereinafter referred to as the
“App” or the “Application”).The use of the App is
possible without any indication of personal
data; however, if a data
subject wants to use special enterprise services via our app, processing
of personal data could become necessary. If the processing of personal data is necessary
and
there is no statutory basis for such processing, we
generally obtain consent from the data
subject.
The processing of personal data, such as the name,
address, device id, advertiser id or
telephone number of a data subject shall always be in
line with the General Data Protection
Regulation (GDPR), and in accordance with the
country-specific data protection regulations
applicable to the Andor Communications Private
Limited. By means of this data protection
declaration, our enterprise would like to inform the
general public of the nature, scope, and
purpose of the personal data we collect, use and
process. Furthermore, data subjects are
informed, by means of this data protection
declaration, of the rights to which they are entitled.
As the controller, the
Andor Communications Private Limited has implemented numerous
technical and organizational measures to ensure the
most complete protection of personal data
processed through this application. However, Internet-based data transmissions may in principle
have security gaps, so absolute protection may not
be guaranteed. For this reason, every data
subject is free to transfer personal data to us via
alternative means, e.g. by email.
We reserve the right to
make changes to this Privacy Policy at any time and for any reason. We
will alert you about any changes by updating the
“Last updated” date of this Privacy Policy.
You
are encouraged to periodically review this Privacy
Policy to stay informed of updates. You will be
deemed to have been made aware of, will be subject
to, and will be deemed to have accepted
the changes in any revised Privacy Policy by your
continued use of the Application after the
date such revised Privacy Policy is posted.
This Privacy Policy does not apply to the
third-party online/mobile store from which you install
the Application or make payments, including any
in-game virtual items, which may also collect
and use data about you. We
are not responsible for any of the data collected by any such third
party.
1. Definitions
The data protection declaration of the Andor
Communications Private Limited is based on the
terms used by the European legislator for the
adoption of the General Data Protection
Regulation (GDPR). Our data protection declaration
should be legible and understandable for
the general public, as well as our customers and
business partners. To ensure this, we would
like to first explain the terminology used.
In this data protection declaration, we use, inter
alia, the following terms:
● Personal data
Personal data means any information relating to an
identified or identifiable natural
person (data subject). An identifiable natural person
is one who can be identified, directly
or indirectly, in
particular by reference to an identifier such as a name, an identification
number, location data, an
online identifier or to one or more factors specific to the
physical, physiological, genetic, mental, economic,
cultural or social identity of that
natural person.
● Data
subject
Data subject is any identified or identifiable
natural person, whose personal data is
processed by the controller responsible for the
processing.
● Processing
Processing is any operation or set of operations
which is performed on personal data or
on sets of personal data, whether or not by
automated means, such as collection,
recording, organisation, structuring, storage,
adaptation or alteration, retrieval,
consultation, use, disclosure by transmission,
dissemination or otherwise making
available, alignment or combination, restriction,
erasure or destruction.
● Restriction of processing
Restriction of processing is the marking of stored
personal data with the aim of limiting
their processing in the future.
● Profiling
Profiling means any form of automated processing of
personal data consisting of the
use of personal data to evaluate certain personal
aspects relating to a natural person, in
particular to analyse or predict aspects concerning
that natural person’s performance at
work, economic situation, health, personal
preferences, interests, reliability,
behaviour,
location or movements.
● Pseudonymisation
Pseudonymisation is the processing of personal data
in such a manner that the
personal data can no longer be attributed to a
specific data subject without the use of
additional information, provided that such
additional information is kept separately and is
subject to technical and organisational measures to
ensure that the personal data are
not attributed to an identified or identifiable
natural person.
● Controller or controller responsible for the processing
Controller or controller responsible for the
processing is the natural or legal person,
public authority, agency
or other body which, alone or jointly with others, determines the
purposes and means of the processing of personal
data; where the purposes and means
of such processing are determined by Union or Member
State law, the controller or the
specific criteria for its nomination may be provided
for by Union or Member State law.
● Processor
Processor is a natural or legal person, public
authority, agency or other body which
processes personal data on behalf of the
controller.
● Recipient
Recipient is a natural or legal person, public
authority, agency or another body, to which
the personal data are disclosed, whether a third
party or not. However, public authorities
which may receive personal data in the framework of
a particular inquiry in accordance
with Union or Member State law shall not be regarded
as recipients; the processing of
those data by those public authorities shall be in
compliance with the applicable data
protection rules according to the purposes of the
processing.
● Third
party
Third party is a natural or legal person, public
authority, agency or body other than the
data subject, controller,
processor and persons who, under the direct authority of the
controller or processor,
are authorised to process personal data.
● Consent
Consent of the data subject is any freely given,
specific, informed and unambiguous
indication of the data subject’s wishes by which he or she, by a statement or by a clear
affirmative action,
signifies agreement to the processing of personal data relating to him
or her.
● Personal data
Personal data means any information relating to an
identified or identifiable natural
person (data subject). An identifiable natural
person is one who can be identified, directly
or indirectly, in
particular by reference to an identifier such as a name, an identification
number, location data, an
online identifier or to one or more factors specific to the
physical, physiological, genetic, mental, economic,
cultural or social identity of that
natural person.
● Data
subject
Data subject is any identified or identifiable
natural person, whose personal data is
processed by the controller responsible for the
processing.
● Processing
Processing is any operation or set of operations
which is performed on personal data or
on sets of personal data, whether or not by
automated means, such as collection,
recording, organisation, structuring, storage,
adaptation or alteration, retrieval,
consultation, use, disclosure by transmission,
dissemination or otherwise making
available, alignment or combination, restriction,
erasure or destruction.
● Restriction of processing
Restriction of processing is the marking of stored
personal data with the aim of limiting
their processing in the future.
● Profiling
Profiling means any form of automated processing of
personal data consisting of the
use of personal data to evaluate certain personal
aspects relating to a natural person, in
particular to analyse or predict aspects concerning
that natural person’s performance at
work, economic situation, health, personal
preferences, interests, reliability,
behaviour,
location or movements.
● Pseudonymisation
Pseudonymisation is the processing of personal data
in such a manner that the
personal data can no longer be attributed to a
specific data subject without the use of
additional information, provided that such
additional information is kept separately and is
subject to technical and organisational measures to
ensure that the personal data are
not attributed to an identified or identifiable
natural person.
● Controller or controller responsible for the processing
Controller or controller responsible for the
processing is the natural or legal person,
public authority, agency or
other body which, alone or jointly with others, determines the
purposes and means of the processing of personal
data; where the purposes and means
of such processing are determined by Union or Member
State law, the controller or the
specific criteria for its nomination may be provided
for by Union or Member State law.
● Processor
Processor is a natural or legal person, public
authority, agency or other body which
processes personal data on behalf of the
controller.
● Recipient
Recipient is a natural or legal person, public
authority, agency or another body, to which
the personal data are disclosed, whether a third
party or not. However, public authorities
which may receive personal data in the framework of
a particular inquiry in accordance
with Union or Member State law shall not be regarded
as recipients; the processing of
those data by those public authorities shall be in
compliance with the applicable data
protection rules according to the purposes of the
processing.
● Third
party
Third party is a natural or legal person, public
authority, agency or body other than the
data subject, controller,
processor and persons who, under the direct authority of the
controller or processor,
are authorised to process personal data.
● Consent
Consent of the data subject is any freely given,
specific, informed and unambiguous
indication of the data subject’s wishes by which he or she, by a statement or by a clear
affirmative action,
signifies agreement to the processing of personal data relating to him
or her.
2. Name and Address of the controller
Controller for the purposes of the General Data
Protection Regulation (GDPR), other data
protection laws applicable in Member states of the
European Union and other provisions related
to data protection is:
Andor Communications Private Limited
19/103, East End Apartment, Mayur Vihar Phase1
110091 Delhi
India
Phone: +91-9810265170
Email: support@lightxapp.com
Website: https://www.lightxapp.com
3. Collection of general data and information
The App collects a series of general data and
information when a data subject or automated
system calls up the Application. This general data
and information are stored in the server log
files. Collected may be (1) the browser types and
versions used, (2) the operating system used
by the accessing system, (3) the website from which
an accessing system reaches the App
(so-called referrers), (4) the sub-screens, (5) the
date and time of access to the Internet site, (6)
an Internet protocol address (IP address), (7) the
Internet service provider of the accessing
system, and (8) any other similar data and
information that may be used in the event of attacks
on our information technology systems.
When using these general data and information, the
Andor Communications Private Limited
does not draw any conclusions about the data
subject. Rather, this information is needed to (1)
deliver the content of the App correctly, (2) optimize the content of the App as well as its
advertisement, (3) ensure the long-term viability of
our information technology systems and
website technology, and (4)
provide law enforcement authorities with the information necessary
for criminal prosecution in case of a cyber-attack.
Therefore, the Andor Communications Private
Limited analyzes anonymously collected data and
information statistically, with the aim of
increasing the data protection and data security of
our enterprise, and to ensure an optimal level
of protection for the personal data we process. The
anonymous data of the server log files are
stored separately from all personal data provided by
a data subject.
4. Routine erasure and blocking of personal data
The data controller shall process and store the
personal data of the data subject only for the
period necessary to achieve the purpose of storage,
or as far as this is granted by the European
legislator or other legislators in laws or
regulations to which the controller is subject to.
If the storage purpose is not applicable, or if a
storage period prescribed by the European
legislator or another competent legislator expires,
the personal data are routinely blocked or
erased in accordance with legal requirements.
5. Rights of the data subject
● Right
of confirmation
Each data subject shall have the right granted by
the European legislator to obtain from
the controller the confirmation as to whether or not
personal data concerning him or her
are being processed. If a data subject wishes to
avail himself of this right of confirmation,
he or she may, at any
time, contact any employee of the controller.
● Right
of access
Each data subject shall have the right granted by
the European legislator to obtain from
the controller free information about his or her
personal data stored at any time and a
copy of this information. Furthermore, the European
directives and regulations grant the
data subject access to the following information:
● the purposes of the
processing;
● the categories of
personal data concerned;
● the recipients or
categories of recipients to whom the personal data have been or will be
disclosed, in particular recipients in third
countries or international organisations;
● where possible, the
envisaged period for which the personal data will be stored, or, if not
possible, the criteria used to determine that
period;
● the existence of the
right to request from the controller rectification or erasure of
personal data, or restriction of processing of
personal data concerning the data subject,
or to object to such processing;
● the existence of the
right to lodge a complaint with a supervisory authority;
● where the personal data
are not collected from the data subject, any available
information as to their source;
● the existence of
automated decision-making, including profiling, referred to in Article
22(1) and (4) of the GDPR and, at least in those
cases, meaningful information about the
logic involved, as well as the significance and
envisaged consequences of such
processing for the data subject.
● Furthermore, the data
subject shall have a right to obtain information as to whether
personal data are transferred to a third country or
to an international organisation. Where
this is the case, the data subject shall have the
right to be informed of the appropriate
safeguards relating to the transfer.
If a data subject wishes to avail himself of this
right of access, he or she may, at any
time, contact any employee of the controller.
● Right
to rectification
Each data subject shall have the
right granted by the European legislator to obtain from
the controller without undue delay the rectification
of inaccurate personal data
concerning him or her.
Taking into account the purposes of the
processing, the data
subject shall have the right to have incomplete
personal data completed, including by
means of providing a supplementary statement.
If a data subject wishes to exercise this right to
rectification, he or she may, at any time,
contact any employee of the controller.
● Right
to erasure (Right to be forgotten)
Each data subject shall have the
right granted by the European legislator to obtain from
the controller the erasure of personal data
concerning him or her without undue delay,
and the controller shall have the obligation to
erase personal data without undue delay
where one of the following grounds applies, as long
as the processing is not necessary:
○ The personal data are
no longer necessary in relation to the purposes for which
they were collected or otherwise processed.
○ The data subject
withdraws consent to which the processing is based according
to point (a) of Article 6(1) of the GDPR, or point
(a) of Article 9(2) of the GDPR,
and where there is no other legal ground for the
processing.
○ The data subject
objects to the processing pursuant to Article 21(1) of the GDPR
and there are no overriding legitimate grounds for
the processing, or the data
subject objects to the processing pursuant to
Article 21(2) of the GDPR.
○ The personal data have
been unlawfully processed.
○ The personal data must
be erased for compliance with a legal obligation in Union
or Member State law to which the controller is
subject.
○ The personal data have
been collected in relation to the offer of information
society services referred to in Article 8(1) of the
GDPR.
● If one of the
aforementioned reasons applies, and a data subject wishes to request the
erasure of personal data stored by the Andor
Communications Private Limited, he or she
may, at any time, contact
any employee of the controller. An employee of Andor
Communications Private Limited shall promptly ensure
that the erasure request is
complied with immediately.
Where the controller has made personal data public
and is obliged pursuant to Article
17(1) to erase the personal data, the
controller, taking account of available technology
and the cost of implementation, shall take
reasonable steps, including technical
measures, to inform other controllers processing the
personal data that the data subject
has requested erasure by such controllers of any
links to, or copy or replication of, those
personal data, as far as processing is not required.
An employees of the Andor
Communications Private Limited will arrange the
necessary measures in individual
cases.
● Right
of restriction of processing
Each data subject shall have the right granted by
the European legislator to obtain from
the controller restriction of processing where one
of the following applies:
○ The accuracy of the
personal data is contested by the data subject, for a period
enabling the controller to verify the accuracy of
the personal data.
○ The processing is
unlawful and the data subject opposes the erasure of the
personal data and requests instead the restriction
of their use instead.
○ The controller no
longer needs the personal data for the purposes of the
processing, but they are required by the data
subject for the establishment,
exercise or defence of legal claims.
○ The data subject has
objected to processing pursuant to Article 21(1) of the
GDPR pending the verification whether the legitimate
grounds of the controller
override those of the data subject.
● If one of the
aforementioned conditions is met, and a data subject wishes to request the
restriction of the processing of personal data
stored by the Andor Communications
Private Limited, he or she may at any time contact
any employee of the controller. The
employee of the Andor Communications Private Limited
will arrange the restriction of the
processing.
● Right
to data portability
Each data subject shall have the right granted by
the European legislator, to receive the
personal data concerning him or her, which was provided to a controller, in a
structured,
commonly used and machine-readable format. He or she
shall have the right to transmit
those data to another controller without hindrance
from the controller to which the
personal data have been provided, as long as the
processing is based on consent
pursuant to point (a) of Article 6(1) of the GDPR or
point (a) of Article 9(2) of the GDPR,
or on a contract pursuant to point (b) of Article
6(1) of the GDPR, and the processing is
carried out by automated means, as long as the
processing is not necessary for the
performance of a task carried out in the public
interest or in the exercise of official
authority vested in the controller.
Furthermore, in exercising his or her right to data
portability pursuant to Article 20(1) of
the GDPR, the data subject shall have the right to
have personal data transmitted
directly from one controller to another, where technically feasible and when doing so
does not adversely affect
the rights and freedoms of others.
In order to assert the right to data
portability, the data subject may at any time contact
any employee of the Andor Communications Private
Limited.
● Right
to object
Each data subject shall have the right granted by
the European legislator to object, on
grounds relating to his or her particular situation,
at any time, to processing of personal
data concerning him or her, which is based on point (e) or (f) of Article 6(1) of the GDPR.
This also applies to profiling based on these
provisions.
The Andor Communications Private Limited shall no
longer process the personal data in
the event of the objection, unless we can
demonstrate compelling legitimate grounds for
the processing which override the interests, rights
and freedoms of the data subject, or
for the establishment, exercise or defence of legal
claims.
If the Andor Communications Private Limited
processes personal data for direct
marketing purposes, the data subject shall have the
right to object at any time to
processing of personal data concerning him or her
for such marketing. This applies to
profiling to the extent that it is related to such
direct marketing. If the data subject objects
to the Andor Communications Private Limited to the
processing for direct marketing
purposes, the Andor Communications Private Limited
will no longer process the personal
data for these purposes.
In addition, the data subject has the right, on
grounds relating to his or her particular
situation, to object to processing of personal data
concerning him or her by the Andor
Communications Private Limited for scientific or
historical research purposes, or for
statistical purposes pursuant to Article 89(1) of
the GDPR, unless the processing is
necessary for the performance of a task carried out
for reasons of public interest.
In order to exercise the right to object, the data
subject may contact any employee of
the Andor Communications Private Limited. In
addition, the data subject is free in the
context of the use of information society services,
and notwithstanding Directive
2002/58/EC, to use his or her right to object by
automated means using technical
specifications.
● Automated individual decision-making, including profiling
Each data subject shall have the right granted by
the European legislator not to be
subject to a decision based solely on automated
processing, including profiling, which
produces legal effects
concerning him or her, or similarly significantly affects him or her,
as long as the decision (1) is not is necessary for
entering into, or the performance of, a
contract between the data subject and a data
controller, or (2) is not authorised by Union
or Member State law to which the controller is
subject and which also lays down suitable
measures to safeguard the data subject’s rights and freedoms and legitimate interests,
or (3) is not based on the data subject’s explicit consent.
If the decision (1) is necessary for entering into,
or the performance of, a contract
between the data subject and a data controller, or (2) it is based on the data subject’s
explicit consent, the Andor Communications Private
Limited shall implement suitable
measures to safeguard the data subject’s rights and freedoms and legitimate interests,
at least the right to obtain human intervention on
the part of the controller, to express his
or her point of view and contest the decision.
If the data subject wishes to exercise the rights
concerning automated individual
decision-making, he or she may, at any time, contact any employee of the Andor
Communications Private Limited.
● i)
Right to withdraw data protection consent
Each data subject shall have the
right granted by the European legislator to withdraw
his or her consent to processing of his or her
personal data at any time.
If the data subject wishes to exercise the right to
withdraw the consent, he or she may,
at any time, contact any employee of the Andor
Communications Private Limited.
6. Data protection provisions about the application
and use of Facebook Audience
Network
In the App, the controller has integrated components
of the enterprise Facebook. Facebook is a
social network.
Audience Network is a network of publisher-owned
apps and sites where you can show your
ads.
People spend a lot of their time on Facebook and
Instagram. But they are also spending time on
other apps and sites. Audience Network helps
advertisers reach more of the people they care
about in the other places where they’re spending
their time.
In a Facebook ad campaign study, conversion rates were 8x higher among people who saw ads
across Facebook, Instagram and Audience Network than
people who only saw the ads on
Facebook.
Audience Network ads use the same targeting,
auction, delivery and measurement systems as
Facebook ads.
The operating company of Facebook is Facebook, Inc.,
1 Hacker Way, Menlo Park, CA 94025,
United States. If a person lives outside of the
United States or Canada, the controller is the
Facebook Ireland Ltd., 4 Grand Canal Square, Grand
Canal Harbour, Dublin 2, Ireland.
If the data subject is logged in at the same time on
Facebook, Facebook detects with every
call-up to the App by the data subject - and for the
entire duration of their stay on the App, which
specific screens of the App were visited by the
data subject. This information is collected
through the Facebook component and associated with
the respective Facebook account of the
data subject.
The data protection guideline published by
Facebook, which is available at
https://facebook.com/about/privacy/, provides
information about the collection, processing and
use of personal data by Facebook. In addition, it
is explained there what setting options
Facebook offers to
protect the privacy of the data subject. In addition, different
configuration
options are made available to allow the elimination
of data transmission to Facebook. These
applications may be used by the data subject to
eliminate a data transmission to Facebook.
7. Data protection provisions about the application
and use of Google Analytics (with
anonymization function)
In the App, the controller has integrated the
component of Google Analytics (with the
anonymizer function). Google Analytics is a web
analytics service. Web analytics is the
collection, gathering, and analysis of data about
the behavior of visitors to websites. A web
analysis service collects, inter alia, data about
the website from which a person has come (the
so-called referrer), which sub-pages were visited,
or how often and for what duration a sub-page
was viewed. Web analytics
are mainly used for the optimization of a website and in order to
carry out a cost-benefit analysis of Internet
advertising.
The operator of the Google Analytics component is
Google Inc., 1600 Amphitheatre Pkwy,
Mountain View, CA
94043-1351, United States.
For the web analytics through Google Analytics the
controller uses the application “_gat.
_anonymizeIp”. By means of this application the IP
address of the Internet connection of the
data subject is abridged by Google and anonymised
when accessing In the App from a Member
State of the European Union or another Contracting
State to the Agreement on the European
Economic Area.
The purpose of the Google Analytics component is to
analyze the traffic in the App. Google uses
the collected data and information, inter alia, to
evaluate the use of the App and to provide
online reports, which show the activities and to
provide other services concerning the use of the
App for us.
First-party Cookies
Google Analytics collects first-party cookies, data
related to the device/browser, IP address and
on-site/app activities to measure and report
statistics about user interactions on the websites
and/or apps that use Google Analytics. Customers
may customize cookies and the data
collected with features like cookie settings, User-ID, Data
Import, and Measurement Protocol.
Learn more
Google Analytics customers who have for instance,
enabled the analytics.js or gtag.js collection
method can control whether or not they use cookies
to store a pseudonymous or random client
identifier. If the
customer decides to set a cookie, the information stored in the local first-party
cookie is reduced to a random identifier (e.g.,
12345.67890).
For customers who use the Google Analytics for Apps
SDK, we collect an App Instance
Identifier, which is a
number that is randomly generated when the user installs an app for the
first time.
Advertising identifiers
Where customers use Google
Analytics Advertising Features, Google advertising cookies are
collected and used to enable features like
Remarketing on the Google Display Network. These
features are subject to the users’ Ads Settings, the Policy requirements for Google Analytics
Advertising Features and
Google’s EU User Consent policy, which requires
customers to obtain
consent for cookies where legally
required—including consent for personalized ads. For more
information about how Google uses advertising
cookies, visit the Google Advertising Privacy
FAQ. It
is possible to implement Google Analytics without affecting normal
data collection where
Advertising features are disabled until consent is
obtained.
IP Address
Google Analytics uses IP addresses to derive the
geolocation of a visitor, and to protect the
service and provide security to our customers.
Customers may apply IP masking so that
Google
Analytics uses only a portion of an IP address
collected, rather than the entire address. In
addition, customers can override IPs at will using
our IP Override feature.Further
information
and the applicable data protection provisions of
Google may be retrieved under
https://www.google.com/intl/en/policies/privacy/ and under
https://www.google.com/analytics/terms/us.html. Google Analytics is
further explained under the
following Link https://www.google.com/analytics/.
8. Data protection provisions about the application
and use of FireBase
In the App, the controller has integrated a
real-time database that syncs data among users in
real time.
The operating company of Firebase is Google Inc.,
1600 Amphitheatre Pkwy, Mountain View,
CA 94043-1351, UNITED STATES.
With each call-up to one of the individual pages of
this website, which is operated by the
controller and on which a Firebase SDK has been
integrated, the app on the information
technology system of the data subject automatically
downloads a display of the corresponding
Firebase SDK of Google through the respective
component. During the course of this technical
procedure, Google is made aware of what specific
sub-page of the App was visited by the data
subject. More detailed information about Firebase
is available under
https://firebase.google.com/support/privacy/
If the data subject is logged in at the same time
to FireBase, Google recognizes with each
call-up to the App by the data subject and for the
entire duration of his or her stay on the App,
which specific sub-pages of our app screen were
visited by the data subject. This information is
collected through the FireBase SDK.
Further information and the data protection
provisions of Google may be retrieved under
https://www.google.com/intl/en/policies/privacy/.
9. Data protection provisions about the application
and use of Crashlytics
On this application, the controller has integrated
components of Crashlytics by
Google.Crashlytics, a business division of Google
Inc., (herein referred to as “Crashlytics”)
offers a suite of
services to provide mobile application developers with information about the
functioning of publicly released and beta versions
of their mobile applications. The Crashlytics
Privacy Policy (“Privacy Policy”) governs the
Crashlytics crash reporting and beta testing
solution and www.crashlytics.com as well as our other websites (collectively, the “Services”).
Effective November 20,
2015. https://try.crashlytics.com/terms/privacy-policy.pdf
The operating company of Crashlytics by Google is
Google Inc., 1600 Amphitheatre Pkwy,
Mountain View, CA
94043-1351, UNITED STATES.
Crashlyticsservices automatically collect certain
information that does not personally identify
End Users who access or use mobile applications that
use the Services. This information
includes, but is not limited to, device state
information, unique device identifiers, device
hardware and OS information, information relating
to how an application functions, and the
physical location of a device at the time of a
crash.
Further information and the applicable data
protection provisions of Crashlytics may be retrieved
under DoubleClick by Google https://www.google.com/intl/en/policies/.
10. Data protection provisions about the
application and use of YouTube
In the App, the controller has integrated
components of YouTube. YouTube is an Internet video
portal that enables video publishers to set video
clips and other users free of charge, which also
provides free viewing, review and commenting on
them. YouTube allows you to publish all kinds
of videos, so you can access both full movies and
TV broadcasts, as well as music videos,
trailers, and videos made by users via the Internet
portal.
The operating company of YouTube is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066,
UNITED STATES. The YouTube, LLC is a subsidiary of Google Inc., 1600 Amphitheatre Pkwy,
Mountain View, CA
94043-1351, UNITED STATES.
With each call-up to one of the individual pages of
this Internet site, which is operated by the
controller and on which a YouTube component (YouTube video) was integrated, the Internet
browser on the information technology system of the
data subject is automatically prompted to
download a display of the corresponding YouTube component. Further information about
YouTube may be obtained under https://www.youtube.com/yt/about/en/. During the course of
this technical procedure, YouTube and Google gain knowledge of what specific
sub-page of the
App was visited by the data subject.
If the data subject is logged in on YouTube, YouTube recognizes with each call-up to a sub-page
that contains a YouTube video, which specific sub-page of the App was visited by the data
subject. This information is collected by YouTube and Google and assigned to the respective
YouTube account of the data subject.
YouTube and Google will receive information through the YouTube component that the data
subject has visited the App, if the data subject at
the time of the call to the App is logged in on
YouTube; this occurs regardless of whether the person clicks on a YouTube video or not. If such
a transmission of this information to YouTube and Google is not desirable for the data
subject,
the delivery may be prevented if the data subject
logs off from their own YouTube account
before a call-up to the App is made.
YouTube’s data protection provisions, available at
https://www.google.com/intl/en/policies/privacy/, provide information
about the collection,
processing and use of personal data by YouTube and Google.
11. Data protection
provisions about the application and use of Google Admob
On this app, the controller has integrated
components of Admob by Google. Admob is a
trademark of Google, under which predominantly
special online marketing solutions are
marketed to advertising agencies and publishers.
The operating company of Admob by Google is Google
Inc., 1600 Amphitheatre Pkwy, Mountain
View, CA 94043-1351,
UNITED STATES.
● AdMob’s privacy policy is available at www.google.com/intl/en/policies/privacy
AdMob by Google helps us monetize
your mobile app through in-app advertising. Ads can be
displayed as banner ads, interstitial ads, video
ads, or native ads—which are seamlessly added
to platform native UI components. On Android, you
can additionally display in-app purchase
ads, which allow users to purchase advertised
products from within your app.
AdMob uses the Google Mobile Ads SDK. The Google
Mobile Ads SDK helps app developers
gain insights about their users, drive more in-app
purchases, and maximize ad revenue. In order
to do so, the default integration of the Mobile Ads
SDK collects information such as device
information, publisher-provided location
information, and general in-app purchase information
such as item purchase price and currency.
Further information and the applicable data
protection provisions of DoubleClick may be
retrieved under DoubleClick by Google https://www.google.com/intl/en/policies/.
12. Legal basis for the processing
Art. 6(1) lit. a GDPR serves as the legal basis for
processing operations for which we obtain
consent for a specific processing purpose. If the
processing of personal data is necessary for
the performance of a contract to which the data
subject is party, as is the case, for example,
when processing operations are necessary for the
supply of goods or to provide any other
service, the processing is based on Article 6(1)
lit. b GDPR. The same applies to such
processing operations which are necessary for
carrying out pre-contractual measures, for
example in the case of inquiries concerning our
products or services. Is our company subject to
a legal obligation by which processing of personal
data is required, such as for the fulfillment of
tax obligations, the processing is based on Art.
6(1) lit. c GDPR. In rare cases, the processing of
personal data may be necessary to protect the vital
interests of the data subject or of another
natural person. This would be the case, for example,
if a visitor were injured in our company and
his name, age, health insurance data or other vital
information would have to be passed on to a
doctor, hospital or other
third party. Then the processing would be based on Art. 6(1) lit. d
GDPR. Finally, processing
operations could be based on Article 6(1) lit. f GDPR. This legal
basis is used for processing operations which are
not covered by any of the abovementioned
legal grounds, if processing is necessary for the
purposes of the legitimate interests pursued by
our company or by a third party, except where such interests are overridden by the interests or
fundamental rights and freedoms of the data subject
which require protection of personal data.
Such processing operations are particularly
permissible because they have been specifically
mentioned by the European legislator. He considered that a legitimate interest could be
assumed if the data subject is a client of the
controller (Recital 47 Sentence 2 GDPR).
13. The legitimate interests pursued by the
controller or by a third party
Where the processing of personal data is based on
Article 6(1) lit. f GDPR our legitimate interest
is to carry out our business in favor of the
well-being of all our employees and the shareholders.
14. Period for which the personal data will be
stored
The criteria used to determine the period of storage
of personal data is the respective statutory
retention period. After expiration of that period,
the corresponding data is routinely deleted, as
long as it is no longer necessary for the
fulfillment of the contract or the initiation of a contract.
15. Provision of personal data as statutory or
contractual requirement; Requirement
necessary to enter into a contract; Obligation of
the data subject to provide the personal
data; possible consequences of failure to provide
such data
We clarify that the
provision of personal data is partly required by law (e.g. tax regulations) or
can also result from contractual provisions (e.g.
information on the contractual partner).
Sometimes it may be necessary to conclude a contract
that the data subject provides us with
personal data, which must subsequently be processed
by us. The data subject is, for example,
obliged to provide us with personal data when our
company signs a contract with him or her.
The non-provision of the personal data would have
the consequence that the contract with the
data subject could not be concluded. Before
personal data is provided by the data subject, the
data subject must contact any employee. The employee
clarifies to the data subject whether the
provision of the personal data is required by law or
contract or is necessary for the conclusion of
the contract, whether there is an obligation to
provide the personal data and the consequences
of non-provision of the personal data.
16. Existence of automated decision-making
As a responsible company,
we do not use automatic decision-making or profiling.
Link to third party applications
The App provides an option to share edited images
using third party social applications such as
Facebook, Google+, Twitter etc. Such applications are governed by their respective privacy
policies, which are beyond our control. Once you
share your image using these applications,
use of any information provided by you is governed
by the privacy policy of these applications. If
you can’t find the privacy policy of any of these
sites via a link from the App’s homepage, you
should contact the application directly for more
information.
Mobile Device Access
We may request access or
permission to certain features from your mobile device, including
your mobile device’s
camera, storage, sensors, and other features. If you wish to change our
access or permissions, you may do so in your
device’s settings. The uploaded images are solely
used to generate AI images as per your commands.
We request rights over them for the sole
purpose of enhancing your experience with the app.
Images, Photos, and Videos
Our app accesses your camera and photo library only
to enable editing and applying effects.
Facial landmark processing is performed entirely on
your device by default.
We do not collect or store
face data, facial geometry, or biometric identifiers on our servers, and
we do not derive sensitive attributes such as age,
gender, or race.
If you choose to use a cloud-based feature, the
selected image is securely transmitted to our
servers solely to generate the requested output.
These images are automatically deleted within
30 days or sooner.
We do not use your photos
or face data for identification, authentication, advertising, analytics,
or model training, and we do not share them with
third parties.
Purpose and Operations
We process images, videos,
and media only to provide core app functionality, such as editing
and enhancing content.
We may use limited,
non-sensitive information (such as app usage signals) to improve user
experience and offer
relevant features. We do not use your photos, videos, or face data for
marketing purposes.
Mobile Device Data
Device information such as your mobile device ID
number, model, and manufacturer, version of
your operating system, phone number, country, location, and any other data you choose
to
provide.
Push Notification
We may request to send
you push notifications regarding your account or the Application. If you
wish to opt-out from receiving these types of
communications, you may turn them off in your
device’s settings.
CALIFORNIA PRIVACY RIGHTS
California Civil Code Section 1798.83, also known
as the “Shine The Light” law, permits our
users who are California residents to request and
obtain from us, once a year and free of
charge, information about categories of personal
information (if any) we disclosed to third
parties for direct marketing purposes and the names
and addresses of all third parties with
which we shared personal information in the
immediately preceding calendar year. If you are
a
California resident and would like to make such a
request, please submit your request in writing
to us using the contact information provided
below.
If you are under 18 years of age, reside in
California, and have a registered account with the
Application, you have the right to request removal
of unwanted data that you publicly post on
the Application. To
request removal of such data, please contact us using the contact
information provided below, and include the email address associated with your account and a
statement that you reside in California. We will make sure the data is not publicly displayed on
the Application, but please be aware that the data
may not be completely or comprehensively
removed from our systems.
Sale or Bankruptcy
If we reorganise or sell all or a portion of our
assets, undergo a merger, or are acquired by
another entity, we may
transfer your information to the successor entity. If we go out of
business
or enter bankruptcy, your
information would be an asset transferred or acquired by a third
party.
You acknowledge that such
transfers may occur and that the transferee may decline honor
commitments we made in this Privacy Policy. We are not responsible for the actions of third
parties with whom you share personal or sensitive
data, and we have no authority to manage or
control third-party solicitations. If you no longer
wish to receive correspondence, emails or other
communications from third parties, you are
responsible for contacting the third party directly.
Change in Privacy Policy
However internet is an ever evolving medium and thus
we may change our privacy policy from
time to time to incorporate any necessary changes.
If under any such update we make any
material change to the way we treat your
information, we will inform you of such change via
posting a notice on relevant areas of the Services
such as AppStore. Any updated version of
this Privacy Policy will be effective as of the date set forth therein.
CONTACT US
If you have questions or comments about this Privacy
Policy, please contact us at:
By email: support@lightxapp.com, support@andor.mobi