RobinsNote Privacy Policy

Please note: While most of our users would likely prefer a shorter privacy notice, current laws and regulations require us to offer a lot of information on our processing operations. We have thereby endeavored to offer summarized snapshots of the most relevant information under certain sections of this notice. Feel free to read the short section summaries provided at the beginning of most sections or read the full legally binding text below each summary.

Please note: All the following expressions related to the company, WALI INNOVATION TECHNOLOGY CO., LIMITED, are represented by RobinsNote

1. Introduction

This privacy policy serves as a notice to individuals under Article 13 of the General Data Protection Regulation (GDPR) regarding the processing of personal data by RobinsNote as well as its subsidiaries, and outlines how personal and other data is processed in connection with the RobinsNote: Smart Bird Feeder, the corresponding RobinsNote: Smart Bird Feeder iOS and Android applications, the https://robinsnote.com/ website as well as other company websites, operations and processes, as further outlined below (hereinafter: privacy notice or notice).

This notice has been split into six sections:

Introduction – Here, you can find information regarding us, the controller of your personal data and the applicability of this privacy notice.

Data processing activities that relate to our websites, communications, sales and the delivery of our products, as well as our general marketing and other company operations – Here, you can find information on how we process your personal data when you visit our website, buy our products, sign up for our newsletter, etc.

Data processing activities that relate to the RobinsNote: Smart Bird Feeder and corresponding RobinsNote: Smart Bird Feeder iOS and Android applications – This section contains information on how we collect, process, store, share and use the photos that are captured by the feeder and application.

Additional general information – This section contains other relevant data processing information, information on who might process your data and what companies we might share it with, how we handle data transfers to “third countries” and research organizations, and an outline of your corresponding data subject rights.

Privacy information for California residents – This section contains information on data processing in relation to California residents in accordance with the California Consumer Privacy Act.

Document version and updates – See when this document became applicable and the changes that have been made with the last version.

All California residents that visit our website, use our products or otherwise interact with our organization are kindly asked to observe section 5 of this notice which has been prepared in accordance with the California Consumer Privacy Act.

1.1. Information on the controller of your personal data

Summary: Information on us (i.e. the data controller responsible for your personal data) and where we, our EU representative or our dedicated Data Protection Officer can be reached.

Company: WALI INNOVATION TECHNOLOGY CO., LIMITED

Company Adress:

RM A07, 1701-02 NEW TREND

CENTRE, 704 PRINCE EDWARD ROAD

EAST, SAN PO KONG KLN

HONG KONG

Website: https://robinsnote.com/

1.2 Use and applicability of this privacy notice

Summary: This privacy notice is applicable if you visit our websites, use the RobinsNote: Smart Bird Feeder and corresponding app or otherwise interact with our company in a way where we receive or otherwise process your data as mentioned under sections 2 and 3 of this notice. If you are a resident of California, please see section 5. In the event of substantial changes to this notice, we will notify you accordingly via email, through the app or on our website (depending on the importance of the change).

This privacy notice is addressed to our website visitors, web store customers, RobinsNote feeder users, RobinsNote feeder guest users and all other individuals who offer their personal data to WALI INNOVATION TECHNOLOGY CO., LIMITED in connection with its websites, operations, products and services, as stated in sections 2 and 3 of this notice.

This privacy notice undertakes to explain which personal data we process, to what end we process such data, under which legal grounds, how long the data is kept and under what circumstances we may share or disclose said personal data to third parties.

This privacy notice has been prepared in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016, on the protection of individuals with regard to the processing of personal data and the free movement of such information and repealing Directive 95/46 / EC (hereinafter the General Data Protection Regulation or the GDPR), the United Kingdom General Data Protection Regulation and the California Consumer Privacy Act that came into force on January 1, 2020 (hereinafter the: CCPA or California Consumer Privacy Act).

In the case of any conflict or ambiguity between this privacy notice and the provisions of any special privacy notice or data processing information that we might have offered to you in connection with a particular website, product or service, the provision of the latter shall prevail.

For the purposes of this notice, the term “personal data” means any information that relates to, describes or could be used to identify any individual, either directly or indirectly. Unless otherwise stated, other various terms that can be found in this privacy notice and which stem from the GDPR (e.g. processing, controller, processor, etc.) have the same meaning as specified in the GDPR.

In this notice, the word “app” means the RobinsNote: Smart Bird Feeder iOS and Android applications which we develop and provide, unless it is clearly stated that we are referring to another application.

In this notice, the word “feeder” means the RobinsNote: Smart Bird Feeder.

In this notice, the words “photo”, “postcard”, “video”, “recording” mean the corresponding audio/video/sound content/recordings, as the case may be, that your feeder automatically generates and that is made available to you inside of the app.

This privacy notice may be updated from time to time in order to better reflect the changes that we might make in relation to our data processing or data protection operations or for other operational and legal reasons.

If this notice is significantly changed, we will publish the news on our platform or send the notification as a message within the service or via email to the relevant data subjects that the change might affect. The importance of the change shall dictate the type of notification method used (i.e. sending emails when we would like to implement additional processing purposes which require your explicit consent).

This notice may contain links to websites of third party processors/service providers or individual controllers that may be involved in our processing activities (see point 4.4 of this notice). If you follow a link to any third-party website, please note that the contents of the website may have changed since the link has been added. Please also consider that all third parties have their own privacy policies and that we do not accept any responsibility or liability for their policies or processing of your personal data that is unlawful or goes beyond the scope of our engagement.

This notice does not offer insights on how to use our products or services. More information about the functionalities and use of our products and services can be found on our designated support page.

2. Data processing activities that relate to our websites, communication, sales and delivery of our products, our general marketing and other company operations

Summary: The following is an overview of when we process your personal data, what personal data we process, why we process said data, what underlying legal basis allows us to do this and how long we keep your data in each case. This section refers to situations where you visit our websites, communicate with us, buy from us, or when we perform our general marketing and other activities. We do not sell personal data of any individuals.

2.1 Visiting and using our websites

2.1.1 Visiting our website involves the placing of necessary cookies

Summary: We automatically place necessary cookies on your device when you visit our website. These cookies are necessary so that our website may be displayed and function properly. These cookies do not typically reveal any information about your browsing habits and preferences (see our dedicated Cookie Policy to learn more).

When: When you visit our website, we automatically place necessary cookies on your device.

Data: Necessary cookie data which typically only reveals technical information about your device (see our Cookie policy to learn more).

Purpose: Necessary cookies are essential for the correct functioning of our website and enable key functions like page navigation, display features, page responsiveness, etc. (see our Cookie Policy to learn more).

Legal basis: We are legally permitted to place necessary cookies on your device without consent.

Data retention: Necessary cookie data can either be stored for the duration of your browsing session or longer (see our Cookie Policy to learn more).

2.2 Consenting to our use of analytical cookies

Summary: When you visit our website, we may place analytical cookies on your device. These cookies are provided to us by our service providers such as Alphabet Inc. (i.e. Google) and others, whereby they make use of automated technologies to collect and analyses information which includes personal data (such as your IP address) to understand how you use our website in order to tailor our site user experience. These cookies might indicate information about your browsing habits and preferences (see our Cookie Policy to learn more).

When: When you visit our website and click the relevant button in our cookie pop-up.

Data: The information we obtain in this manner may include your device’s IP address, identifiers associated with your devices, the types of devices connected to our services, web browser characteristics, device characteristics, language preferences, referring/exit pages, clickstream data, and dates and times of website or app visits (see our Cookie Policy to learn more).

Purpose: Our analytical cookies help us understand how visitors interact with our websites by collecting and reporting usage information. The intention is to improve features, evaluate and optimize the website user experience, and potentially improve the effectiveness of our marketing (see our Cookie Policy to learn more).

Legal basis: Where required by applicable law (e.g. if you are a resident of the European Economic Area), we will obtain your consent before placing analytical cookies on your device.

Data retention: Analytical cookie data can either be stored for the duration of your browsing session or longer (see our Cookie Policy to learn more).

2.3 Consenting to our use of marketing cookies for online tracking and interest-based advertising

Summary: When you visit our website, we may also place marketing cookies on your device. These cookies are provided to us by our service providers such as Alphabet Inc. (i.e. Google), Meta Platforms Inc. (i.e. Facebook) and others, whereby these cookies make use of automated technologies to collect and analyze different information, including personal data (such as your email, IP addresses, search history, clicks, preferences, interests) for targeted advertising purposes across the web. These cookies reveal information about your browsing habits and preferences (see our Cookie Policy to learn more).

When: When you visit our website and click the relevant button in our cookie pop-up.

Data: Data collection takes place both on our website and on third-party websites where our providers’ cookies, web beacons, pixels and other similar technologies have been placed on your device and where your inferred interests, browsing context, demographic data as well as other online activities over time have been collected through automated means (see our Cookie Policy to learn more).

Purpose: Our marketing cookies are used to track visitors across different websites. The intent is to increase the effectiveness of our ads by enabling target- and interest-based advertising on other online platforms, websites and ad networks (i.e. when you use Google search, Facebook, etc.) (see our Cookie Policy to learn more).

Legal basis: Where required by applicable law (e.g. if you are a resident of the European Economic Area), we will obtain your consent before placing marketing cookies on your device.

Data retention: Please see the information for each individual cookie provider in our Cookie Policy.

2.4 Communication, sales and delivery of our products

2.4.1 When reaching out to us both on and off our websites

Summary: When you reach out to us (e.g. by sending an email to an address that belongs to us, messaging us through our Facebook page or Instagram profile, etc.), we shall process any data you might share (or have shared with us in the past) in order to respond to you or fulfil your request.

When: When you choose to reach out to us or contact us (i.e. by sending an email to an address that belongs to us, submitting a question through our chat module, reaching out to us through our official email channels, social media platforms, or in communication with our employees/agents or via other means).

Data: We may process any data/information you disclose during your purchase (such as your name, email address, billing address, shipping address, products ordered and order number) or which we might already have and require to formulate our response/solve your issue.

Purpose: In order to respond to emails, messages, formal inquiries, proposals, support, troubleshooting and other inbound communication.

Legal basis: We carry out these processing activities because processing might be necessary for the performance of a contract to which the person reaching out to us is a party (e.g. if you have bought a product from us and reach out to us for shipping clarification) or in order to take steps at the request of the data subject prior to entering into a contract (e.g. if you reach out to us with questions about our products prior to placing an order) or on the basis of our legitimate interests.

Data retention: We typically do not keep communication data after responding to you. An exception to the aforementioned can be made if messaging or other communication had been performed through the use of a dedicated service (i.e. email, chat module, etc.), whereby we may keep data in such systems for up to 3 years after having received it.

In certain rare cases, we might keep parts of the data/communication for a longer period, if it is evident that certain data is needed in a legal or other official proceeding that is being carried out.

If such communications took place through platforms such as Facebook, please refer to the data retention periods that Meta Inc. or other platform providers might offer, as data deletion in such circumstances is not solely dependent on us (please see point 4.4 of this notice).

2.4.2 When purchasing a product or subscription from us on our website or through our app

Summary: When you purchase a product or subscription on our website or through our app, we are required to collect and process certain contact, payment, shipping and transactional data for product invoicing, delivery and other necessary administrative or legally required purposes. The data is shared with Shopify Inc. that offers the relevant check-out module of our website, and may be used by different payment facilitators (such as PayPal, Stripe or Google Pay / Apple Pay when purchasing through our app), as well as shared with our delivery service providers (depending on your selected payment method and shipping address). We may be legally required to store parts of such data for up to 7 or 10 years under applicable tax and other legislation.

When: When you purchase a product or subscription from us through our website or app.

Data: Your contact and shipping information (such as your name, email, country, address, billing address, shipping address, telephone number, products ordered, order number (whereby this data can also be shared with our contracted delivery services as stated above), your payment information, such as your credit card number, billing address, holder name, issuing bank, expiry date, and security code.

Purpose: We use this data in order to legally sell and ship our products to you and send you transactional emails (e.g. order status, invoice, etc.).

Your contact and shipping data is shared with our delivery services and your payment information is collected and stored by our third-party payment facilitators on our behalf (such as Shopify, MasterCard, Stripe, PayPal, Apple Pay, Google and others) (see point 4.4 to learn more), whereby these parties may be considered as individual data controllers or processors, as the case may be.

Data you share with us through the check-out or default payment module of our website is also shared with Shopify Inc., which is the company behind the platform our webstore is built and operates on (please see point 4.4 of this notice to find out more about who we might share your data with and why).

This data may also be processed when we are required to comply with legal requirements and other regulations, especially those governing the control of personal data, taxes, invoicing and payments.

Legal basis: Contractual (i.e. the concluded distance sale contract you enter into when you agree to our terms of sale and place your order).

Data retention: We may retain a minimized set of the aforementioned data that includes your contact information, payment and shipping information (such as your name, email address, billing address, shipping address, products ordered and order number) until the expiration of the statutory period under which we may be held liable in relation to any possible hidden defects on the products we have sold you (i.e. up to 3 years, depending on where you are located). This does not include any data that you might have given us on any other grounds or for any other purposes (i.e. data that we process for marketing purposes based on your consent, data that relates to your registered user account, etc.).

We are legally obliged to retain certain transactional data in unminimized form (such as invoicing data) for a minimum of 7 or even 10 years (depending on the point of sale and the location of our subsidiary that is issuing the invoice).

We may also retain certain data on the grounds of our legitimate interest if we detect reasonable grounds that fraud or attempted fraud had taken place in relation to the sale of our products. Such data shall not be kept longer than necessary in order to assess the situation and take any necessary action.

Our payment facilitation/delivery providers typically do not retain any personal data other than the data that they might have a legal obligation or legitimate interest in retaining (or the data that they already keep in relation to your individual use of their payment/banking services). Please see the relevant privacy policy of the payment facilitation/delivery provider that has been engaged in the sale/delivery of our product to find out more.

2.4.3 When wishing to communicate transactional/essential information in connection with your purchase or use of our products or services

Summary: When you purchase a product or service from us (or have done so in the past) and we consider it necessary (or are legally required to do so), we may send you emails with transactional/essential information (i.e. emails about your order having been successfully placed, changes of product delivery dates, information regarding a potentially serious issue that might affect your product, updates and changes to our policies and terms, etc.).

When: When you purchase a product or service from us or have done so in the past and we deem it necessary to reach out to you with important information or are required to do so by law.

Data: We may process any data/information you disclose to us during your purchase (such as your name, email address, billing address, shipping address, products ordered and order number) or which we might already have and need in order to formulate our transactional/essential messages.

Purpose: To communicate transactional/essential service-/product-related information to you (i.e. notify you that your order had been placed successfully, inform you of delivery dates, offer assistance regarding the use of our products, inform you of important product issues, updates and changes to our policies and terms, get in touch with you regarding changes to estimated product delivery dates, etc.).

Legal basis: We carry out these processing activities because processing is necessary in order to fulfil the contract that we have concluded with you (i.e. the Terms of Sale you enter into when purchasing a product from us or the End User Licensing Agreement you enter into when registering your account).

We may also be required to perform the above mentioned data processing because we are required to do so under law (i.e. sending you an invoice) or on the basis of our legitimate interests (i.e. providing functioning end safe products). In certain rare cases, the above stated processing might be performed by us in order to protect your vital interests (or the vital interests of another natural person) (e.g. in case of informing you that we have detected a serious issue with a product that had been shipped to you).

Data retention: We typically do not keep communication data after communicating with you. An exception to the aforementioned can be made if messaging or other communication had been performed through the use of a dedicated service (i.e. email, chat module, etc.), whereby we may keep data in such systems for up to 3 years after the receipt of communication.

If such communications took place through social media platforms on which we have our official profiles (e.g. Facebook, Twitter, etc.), please refer to the data retention periods that the providers of such platforms might offer, as data deletion in such circumstances is not solely dependent on us (please see point 4.4 of this notice).

2.4.4 When backing our projects on Kickstarter

Summary: When you back one of our projects on Kickstarter, Kickstarter will allow us to see, store and otherwise process your username, the amount you have pledged, your mailing address for fulfilment, and the reward you have selected, so that we may ship you the backed item and communicate with you to this end. Please note that as a Kickstarter “Creator” we never receive backers’ credit card details or other payment information. We may be legally required to store parts of such data for up to 7 or 10 years under applicable tax and other legislation. We may also consider your email address as information that belongs to our “existing customers” (whereby we might be legally allowed to send such backers further marketing communication in relation to our new products and projects, depending on where you are located and the applicable rules of the Kickstarter platform).

When: When you decide to back one of our projects on Kickstarter.

Data: Your username, the amount you have pledged, your mailing address for fulfilment, and the reward you have selected. Please note that as a Kickstarter “Creator” we never receive backers’ credit card details or other payment information.

Purpose: Data you share with us through the Kickstarter platform is first collected by Kickstarter, PBC (together with its subsidiaries/affiliate companies Drip U.S., LLC, The Creative Independent, LLC), namely the company behind the platform that is acting as the data controller. When you decide to back our project we get to use this data in order to legally ship you the reward you have selected and send you transactional emails (e.g. order status, invoice, etc.).

Your contact and shipping data is shared with our delivery services, whereby these parties may be considered as individual data controllers or processors, as the case may be.

This data may also be processed by us when we are required to comply with legal requirements and other regulations, especially those governing the control of personal data, taxes, invoicing and payments (see point 4.2.2 of this notice).

We may also consider your email address as information that belongs to our “existing customers”, whereby we might be legally be allowed to send backers further marketing communication in relation to our new products and projects, depending on where you are located and the applicable rules of the Kickstarter platform (see point 2.5.1 of this notice to find out more).

Legal basis: Contractual (i.e. the concluded contract you enter into when you agree to the Kickstarter Terms of Use while registering an account on the platform and when you decide to back our project).

Data retention: We may retain a minimized set of the aforementioned data that includes your contact information and shipping information (such as your name, email address, shipping address, products backed and “order” number) until the expiration of the statutory period under which we may be held liable in relation to any possible hidden defects on the products we have sold you (i.e. up to 3 years, depending on where you are located). This does not include any data that you might have given us on any other grounds or for any other purposes (i.e. data that we process for marketing purposes based on your consent, data that relates to your registered user account, etc.).

We may also retain certain data on the grounds of our legitimate interest if we detect reasonable grounds that fraud or attempted fraud had taken place in relation to the sale (or distribution) of our products. Such data shall not be kept longer than necessary in order to assess the situation and take any necessary action.

Our payment delivery providers typically do not retain any personal data other than the data that they might have a legal obligation or legitimate interest in retaining (or the data that they already keep in relation to your individual use of their services). Please see the relevant privacy policy of the delivery provider that has been engaged in the delivery of our product to find out more.

2.5. General marketing activities

2.5.1 When sending email marketing messages to existing customers

Summary: When you purchase a product on our website or elsewhere, certain EU/USA legislation gives us the right to send you email marketing messages that contain information on our similar products and services. Every email you receive as a result of this shall always contain an “unsubscribe” link, and we shall never share your email with any other entity or market products or services that do not belong to us or may not be considered “similar” to those that you had originally purchased from us.

When: When you purchase a product from us through our website or through other means.

Data: Your email address and past purchase history with us, as well as information regarding whether you have opened/clicked on links in our email messages.

Purpose: Keeping you informed of similar products and services that we offer.

Legal basis: Our legitimate interests (i.e. under certain EU legislation we are legally allowed to send email marketing messages on an opt-out basis if the recipient’s details were originally collected “in the context of a sale”, if the entity sending the marketing is the same legal entity that collected the recipient’s details initially (i.e. us), the marketing relates to “similar” products and/or services for which the recipient’s details were originally obtained, and you as the recipient are given the opportunity, free of charge, to object to our email marketing, both at the time when your details had been collected and in each subsequent communication (i.e. by clicking the “unsubscribe” link that is contained in each of our marketing emails).

Note that we shall not sell or share your email and other related data with any other third party and shall only use it within the service which we use for sending such emails.

Data retention: Until we receive your unsubscribe/data deletion request or if you have not opened our marketing emails for more than 3 years, whereby your data shall be permanently deleted in all of these cases.

2.5.2 Sending email marketing messages to new consenting customers

Summary: When you consent to receiving our marketing messages (e.g. newsletters, product waitlist messages, new product launch notifications, discounts etc.) via email or other channels we shall send marketing messages to the email address that you entered for this purpose, whereby every email shall always contain an “unsubscribe” link. You can also withdraw your consent at any time by sending a free form email to privacy@robinsnote.com. We shall not sell or share your email and other related data with any other third party.

When: When you’re open to hearing from us and consent to receiving our various email marketing messages (e.g. newsletters, product waitlist messages, new product launch notifications, discounts, etc.) via email from time to time.

Data: When marketing to an individual, we typically process the individual’s email address. We may also process the name of the individual (and potential other information) if this has been explicitly stated next to the input fields where the individual entered said data and consented to the processing.

Purpose: In order to send newsletters, product waitlist messages, new product launch notifications, discounts, surveys, promotion codes, information on contests and other marketing messages to consenting individuals to their email address.

Legal basis: We carry out these processing activities on the basis of your consent.

To withdraw consent, you can send a free form email to privacy@robinsnote.com at any time or follow the unsubscribe link included in all of our marketing emails.

Note that we shall not sell or share your email and other related data with any other third party and shall only use it in the service which we use for sending emails.

Data retention: Until we receive your unsubscribe/consent withdrawal or data deletion request or if you have not opened our marketing emails for more than 3 years, whereby your data shall be permanently deleted in all of these cases.

2.6 Other company operations

2.6.1 When responding/applying to our open job postings as a potential candidate

Summary: If you respond or apply to any of our open job postings, we may process the data we receive from you in order to evaluate you as a candidate and carry out the necessary hiring procedures. We will not keep any data after the hiring procedure ends if we do not receive your explicit consent for doing so. The data might be shared with external HR firms we might employ to help us with the hiring process.

When: When you respond/apply to our open job posting as a potential candidate through a dedicated online form or reach out to us for this purpose via email.

Data: The data that we might require as part of your application will be stated next to the job posting or dedicated online application form. We typically consider your general contact details (full name, email address, place of residence, age, nationality) as well as any information you might have included in your resume or CV and the details about your current or past employment or other working experience. We may also process any other information you elect to share with us for this purpose as well as any information you have made public on the Internet (such as your blog, GitHub or LinkedIn page).

Purpose: In order to evaluate you as a candidate and carry out the necessary hiring procedures and interviews.

Note that we may share the data with external HR firms we might employ to help us with the hiring process (please see point 4.4 of this notice).

Legal basis: We carry out these processing activities on the basis of entering into negotiations for the conclusion of an (employment) or other work contract.

Should you explicitly consent to this, we may keep your data after the conclusion of the hiring process in order to keep you posted of any future job opportunities that may interest you. To withdraw consent, you can send a free form email to privacy@robinsnote.com at any time or follow the unsubscribe link included in all of our job posting emails.

Data retention: Until the conclusion of the hiring procedure or until we receive your consent withdrawal or data deletion request or if you have not opened our job posting emails for more than 3 years, whereby your data shall be permanently deleted in all of these cases.

3. Data processed in connection with the RobinsNote: Smart Bird Feeder and corresponding iOS and Android applications

Please note: While the vast majority of all photos and recordings captured with RobinsNote smart feeders contain no personal data, we take privacy seriously and have prepared this notice and our policies to specifically address cases where your feeder might have inadvertently captured information on an identifiable natural person (e.g. faces, outlines of individuals, car license plates, recognizable house features and numbers, metadata, etc.). We protect such information as personal data and process it as indicated below.

Please keep in mind that your RobinsNote feeder is not a surveillance, security, or commercial monitoring device and should never be used for such purposes.

You are ultimately the one responsible for any photos or recordings that you capture with the feeder and may be considered as a “data controller” in relation to any personally identifiable information contained in the photos or recordings.

You are also the one responsible for storing, sharing or posting your photos or recordings online and elsewhere and for following local privacy and other applicable laws.

Make sure to check out our Quick Privacy Guide before setting up and using your feeder.

We do not sell personal data of any individuals.

3.1 Sign-up, sign-in and collecting general analytical data when using the app

3.1.1 When signing up or signing in to our app by providing your email and login credentials

Summary: We process your username, email, password and the IP of the device you are accessing the app on for account sign-up and authorization purposes so that you can register an account with us and use your feeder through our app. We also use your email in order to communicate essential service/product related information.

When: When you sign up or sign in to use our app either as a regular, premium or trial user by providing your email and login credentials.

Data: We process your username, email, password and the IP of the device you are accessing the app on. We may also process certain technical data such as data logs (for technical support purposes) and your account customization preferences.

Purpose: Sign-up and sign-in account authorization as well as account management and security purposes so that you can use your feeder through our app.

We use the email that is tied to your account in order to offer you password management and restoration capabilities as well as technical and customer support and in order to communicate essential service-/product-related information to you (i.e. inform you of important product issues, updates and changes to our policies and terms, etc.) whereby this may also be achieved through push notifications.

Legal basis: Contractual (i.e. the End User Licensing Agreement you are required to accept when registering your account).

Data retention: Until you decide to delete your user account.

Note that we may irreversibly anonymize and keep such anonymized data that has been tied to your account indefinitely (whereby this data shall not be attributable to you in any way).

3.1.2 When signing in to our app through the “Login with Facebook” “social log-in” option

Summary: We offer third-party “social log-in” as a fast and easy way of signing into the app, whereby using this sign-in method might mean that in addition to our registration and general app usage purposes your data might also be processed for analytical or marketing purposes by Meta Platforms Inc. as the third-party sign-in provider (as a data controller) and its marketing partners, whereby this may include automated processing and profiling on the part of Meta Platforms, Inc. If you do not agree to this, please do not proceed with this sign-up option and choose our regular sign-up process instead.

When: When you sign in to use our app by choosing the “Log in with Facebook” option.

Data: Data tied to your Facebook account, namely your Facebook profile email, public profile information and profile picture.

Purpose: By using the “Log in with Facebook” service to sign in and use our app, you shall be sharing certain data as described below with us and Meta Platforms Inc., for sign-up and sign-in account authorization as well as account management, support and essential notification purposes, whereby we shall be acting as the data controller in relation to the data we receive from you or Facebook in this way, and Facebook shall continue acting as the individual data controller in relation to the data that you have created or will create when you interact with its platform and other services (please refer to its privacy policy here for such cases).

Legal basis: Contractual (i.e. the End User Licensing Agreement you are required to accept when registering your account and the agreement you as a user have in place with Meta Platforms, Inc. for using its platform and services).

Data retention: Until you decide to delete your Facebook account, remove your Facebook account from our app or send us your data deletion request via a free form email to privacy@robinsnote.com.

Note that we may irreversibly anonymize and keep such anonymized data that has been tied to your account indefinitely (whereby this data shall not be attributable to you in any way).

3.1.3 When signing in to our app through the “Sign in with Google” “social log-in” option

Summary: We offer third party “social log-in” as a fast and easy way of signing into the app, whereby using this sign-in method might mean that in addition to our registration and general app usage purposes, your data might also be processed for analytical or marketing purposes by Alphabet Inc. (as a data controller) as the third-party sign-in provider. If you do not agree to this, please do not proceed with this sign-up option and choose our regular sign-up process instead.

When: When you sign in to use our app by choosing the “Sign in with Google” option.

Data: Data tied to your Gmail account, namely your email, language settings, user ID, name and image URL.

Purpose: By using the “Sign in with Google” service to sign in and use our app, you shall be sharing certain data as described above with us and Alphabet Inc., for sign-up and sign-in account authorization as well as account management, support and essential notification purposes. Please note that Google shall continue acting as the individual data controller in relation to the data that you have created or will create when you interact with its websites and other services, and may even collect, store and process usage data tied to your Google account and your use of our app (please refer to its privacy policy here for such cases).

Legal basis: Contractual (i.e. the End User Licensing Agreement you are required to accept when registering your account and the agreement you as a user have in place with Alphabet Inc. for using its email and services).

Data retention: Until you decide to delete your Gmail account, remove your Gmail account from our app or send us your data deletion request via a free form email to privacy@robinsnote.com.

Note that we may irreversibly anonymize and keep such anonymized data that has been tied to your account indefinitely (whereby this data shall not be attributable to you in any way).

3.1.4 When signing in to our app through the “Sign in with Apple” “social log-in” option

Summary: We offer third party “social log-in” as a fast and easy way of signing into the app. We may thereby receive certain log-in information relating to your Apple ID from Apple Inc. as the third-party sign-in provider, should you choose this sign-in method. If you do not agree to this, please do not proceed with this sign-up option and choose our regular sign-up process instead.

When: When you sign in to use our app by choosing the “Sign in with Apple” option.

Data: Data tied to your Apple account, namely your email, name and Apple ID.

Purpose: By using the “Sign in with Apple” service to log in and use our app, you shall be sharing certain Apple account information as described above with us for sign-up and sign-in account authorization as well as account management, support and essential notification purposes, whereby we shall be acting as the data controller in relation to the data we receive from you or Apple Inc. in this way. Please note that Apple shall continue acting as the individual data controller in relation to the data that you create when you interact with its devices, websites and other services (please refer to its privacy policy here for such cases).

Legal basis: Contractual (i.e. the End User Licensing Agreement you are required to accept when registering your account and the agreement you as a user have in place with Apple Inc. for using its email and services).

Data retention: Until you decide to delete your Apple account, remove your Apple account from our app or send us your data deletion request via a free form email to privacy@robinsnote.com.

Note that we may irreversibly anonymize and keep such anonymized data that has been tied to your account indefinitely (whereby this data shall not be attributable to you in any way).

3.1.5 When using the RobinsNote: Smart Bird Feeder app we may collect general analytical data so that we may make improvements to our app and offer technical support – not applicable to EEA users

Summary: We may collect and process general analytical data (such as session time, app updated status, app crash status, feeder stream status data, etc.) from users who are not from countries within the European Economic Area, so that we may offer technical support and gain insights which may allow us to make improvements to our app. We do not use this data to identify you and do not combine it with other data we might have for any other purposes other than offering individual technical support (when requested). We use Mixpanel Inc. and other services in order to collect and process this data (see point 4.4 of this notice).

When: When you open, sign in and use our app and you do not reside in the EEA.

Data: We process data on your page visits (i.e. screens inside of the app), data on whether your app has crashed, whether streaming function has been triggered or stopped, when the app had first been opened (necessary for identifying app versions), as well as the length of your app use sessions.

This data is not collected in relation to users who do not reside in the EEA, whereby we may also collect and process your IP/non-precise feeder location data in order to determine if this is applicable.

When offering technical support, we may also combine this data with other data we might have in relation to you so that we may infer: your Wi-Fi status, your feeder device ID, your distinct ID, your country/region/city (based on your IP or manual input of your non-precise feeder location data), the app build number/version, your device model/manufacturer, your OS version and the dimensions of your screen.

Purpose: So that we may offer technical support and make improvements to our app. We also use this data when planning our next update or analyzing systemic issues that users have reported.

We do not use this data to identify you and do not combine it with other data we might have for any other purposes other than offering individual technical support (when requested).

Legal basis: Our legitimate interest.

Data retention: Until you decide to delete your account or send us your data deletion request via a free form email to privacy@robinsnote.com.

Note that we may irreversibly anonymize and keep the analytical data that has been tied to your account indefinitely (whereby this data shall not be attributable to you in any way).

3.1.6 When using the RobinsNote: Smart Bird Feeder app you may allow us to track your activity inside of the app with Meta SDK across other apps and websites so that we may measure and optimize advertising efficiency

Summary: We may collect certain device information (such as your e’s unique identifier, operating system, and advertising ID) from users who had consented to this (clicked the Allow button in the in-app pop-up), so that we may share this data with Meta Platforms Inc. (i.e. Facebook) (see point 4.4 of this notice) in order to measure and optimize our advertising efforts.

When: When you give us your explicit consent (i.e. click the Allow button in the in-app pop-up).

Data: We process device information data (this includes the device’s unique identifier, operating system, and advertising ID), app usage data (this includes the app’s name, version, and the date and time it was opened), event data (this includes information about the events that occur within the app, such as purchases, registrations, and level completions) and ad targeting data (this includes information about the ads that the user has seen or clicked on).

Purpose: We share this data with Meta Platforms Inc. (i.e. Facebook) to help us measure the effectiveness of our advertising campaigns and to improve the targeting of our ads. It is also used to provide insights into the usage of our apps and to develop new features and products. The data collected by the SDK can be used to track users across different apps and websites. The data can also be used to target users with ads.

Legal basis: Consent.

Data retention: Until you decide to delete your account or send us your data deletion request via a free form email to privacy@robinsnote.com.

Users can also choose to opt out of data collection by the Meta SDK. This can be done by changing the settings on their device or by uninstalling the app.

3.2 Creating, storing and sharing photos and recordings made by your feeder

3.2.1 When pairing your feeder with your device and using it to create photographs (i.e. postcards) or other recordings (i.e. video/sound recordings) or feeds

Summary: By choosing to pair and use your feeder, you are allowing us and our service providers (see point 4.4 of this notice) to store and process via automated your IP address, account username, feeder name, non-precise feeder location data as well as all recorded content, its metadata and timestamps, so that we may provide you with the “smart” functions of your bird feeder. This data is used for generating, storing and displaying postcards, recordings and feeds, improving bird recognition models and in rare cases – subjected to manual or automated processing by other people or research entities for bird identification, troubleshooting, data anonymization and research purposes. Publicly sharing any recorded content will only be done if you choose to do so in each particular case. Please also note that choosing the “Remove” option in relation to a photo/recording in the app does not immediately cause the permanent deletion of such data (see point 4.3. of this notice).

When: When your feeder detects activity with its sensors and begins making and storing photos / recordings and using our machine learning algorithms to analyze them (i.e. even if such photos / recordings are not offered to you as postcards or other content).

Data: Photos and recordings that your feeder recorded and stored as well as their metadata and your IP address, account username, feeder name, timestamp and non-precise feeder location data.

Purpose: We store and process the above stated data via automated means in order to pair your feeder with your device and offer you the “smart” functions of your bird feeder (i.e. generating, storing and displaying postcards and recordings/video feeds as well as providing and improving our machine learning models and bird recognition services). In rare cases, we may subject the photos and recordings that your feeder has recorded to manual review by people that we employ for manual bird identification/tagging, troubleshooting and data anonymization purposes.

We do not sell or share this data with any other third parties (other than those we engage solely in connection with achieving the above mentioned purposes, as listed under paragraph b) of point 4.4.3 of this notice) and do not use this data to identify you by combining them with other data we might have about you for any other purposes other than those stated above.

Please see point 3.2.4 below to learn more about how we might reach out to you when we would like to use your postcards, recordings or other data for our own marketing purposes.

Legal basis: Contractual (i.e. the End User Licensing Agreement you are required to accept when registering your account, whereby providing personalized AI bird recognition services/content is a key component of our Smart Bird Feeder product/service).

Data retention: Until you decide to delete your account or send us your data deletion request via a free form email to privacy@robinsnote.com.

Please note that choosing the “Remove” option in relation to a photo/recording in the app does not immediately cause the permanent deletion of such data (see point 4.3 of this notice). We may subject the data you wish to delete to algorithmic or manual anonymization in a way which shall prevent the postcard or recording from being attributable to you in any way and continue storing and processing such anonymized data in connection with our machine learning models, with all of the non-anonymized data being permanently deleted (see point 4.8 of this notice to learn more).

3.2.2 When choosing to share your invitation code and allowing others to connect to your feeder and receive postcards

Summary: Should you choose to share your feeder with a family member or friend, you may send him your invitation code. In such situations, we shall automatically allow your guest to review/save the same postcards and other recordings that your feeder had recorded and offered to you. Guests are allowed to add such content to their own collections (even when you have not added such content to your own collection). Guests get to see your feeder name and non-precise feeder location data as well as photo/recording timestamps. Guests may keep their own collected postcards or recordings in their app.

Please keep in mind that your RobinsNote feeder is not a surveillance, security, or commercial monitoring device and should never be used for such purposes. You are ultimately the one responsible for any photos or recordings that you capture with the feeder and may be considered as a “data controller” in relation to any personally identifiable information contained in the photos or recordings (see the highlight at the start of section 3 to learn more or check out our Quick Privacy Guide).

When: When you decide to share access to your feeder by sharing your invitation code with family members or other individuals you trust.

Data: Your feeder stream, photos, recordings that your feeder recorded and were offered to you as postcards or other content, whereby guests can also see your feeder name and non-precise feeder location data as well as photo/recording timestamps.

Purpose: When you share your invitation code with a guest, we allow your guest to review/save the same postcards and other recordings that your feeder had recorded and offered to you. Guests are allowed to add such content to their own collections (even when you have not added such content to your own collection).

Legal basis: Contractual (i.e. providing you with essential product/service functionalities that are under your control).

Data retention: Until you or the guest decide to remove the postcard or recording in the app.

You or a guest may also decide to delete your account or send us your data deletion request via a free form email to privacy@robinsnote.com.

Please note that we cannot delete or anonymize any content that is not stored inside of our app (i.e. content that guests have stored, published or disseminated elsewhere), whereby you should only share access to your feeder with people you trust.

3.2.3. When we would like to use your photos/recordings for our marketing and product development purposes

Summary: If we would like to use your photos/recordings for our own marketing and product development purposes, we shall reach out to you (e.g. on social media where you posted your photo) and obtain your consent.

When: When we would like to use your photos/recordings for our own marketing and product development purposes.

Data: Photos/recordings that have been made with your feeder and which you have added to “Your Collection” or shared with the community or posted elsewhere on the web (i.e. to our official social media pages and profiles), or other content that you might have created with your other devices, as specified in the consent form.

Purpose: So that we may process such content for our marketing purposes (which may include the content being uploaded to the company’s website/social media platforms, shared with advertising platforms, used in other online or offline ads and incorporated into our other products and services, as specified in the consent form.

Legal basis: Consent (i.e. we might lead you to an online version of our dedicated “user-generated-content” consent form which may be offered in the app, on our website, in physical form or elsewhere).

Data retention: Until you decide to withdraw your consent. Where consent is withdrawn, we shall delete/anonymize any data we or our processors/service providers have kept on the basis of your consent.

Additionally, every effort will be made to remove relevant personal data from products/marketing campaigns and other distributions. However, this may not be possible in some situations, and in such cases, certain personal data that cannot be removed or otherwise anonymized (e.g. blurred) may still appear in publications, products and other media already in use or circulation.

3.2.4 When using the “Take a Note” feature in relation to any postcards or other recordings that you might have added to “Your Collection”

Summary: Using a photo/recording in connection with the “Take a Note” service makes the photo/recording visible inside of the app for a limited time (i.e. until a sufficient amount of votes had been cast in a given period) to other app users who are participating in the “Take a Note” program as well as our ornithologists, whereby sharing a photo/recording in this way also makes your username and your feeder’s general location visible. Please note that we cannot fully prevent individuals from making screenshots, screen captures and using other means to potentially illicitly store your shared content outside of the app. Make sure to see our Quick Privacy Guide prior to sharing any content. Please also note that you are solely responsible for capturing and sharing images/recordings and other data in a way that respects the privacy of others as well as all applicable laws.

When: When you decide to use a photo/recording in connection with the “Take a Note” feature inside of the app so that other users or our experts can help you identify the subject of a photo/recording.

Make sure to see our Privacy Quick Guide prior to sharing any content. Please also note that you are solely responsible for capturing and sharing images/recordings and other data in a way that respects the privacy of others as well as all applicable laws.

Data: The photo/recording you decide to share in this way, together with your username and the approximate location that is tied to the feeder that took the photo/recording.

Purpose: Upon your request (i.e. choosing the “Take a Note” feature in relation to a photo/recording, we make the data that you are sharing visible to other app users who are participating in the Wing Buddy program as well as our ornithologists.

Legal basis: Contractual (i.e. providing you with essential product/service functionalities that are under your control).

Data retention: Until you decide that the photo/recording should no longer be shared with the community, whereby you can save it to your phone and remove it from the app. The content also stops being shared if not enough bird identification “votes” are cast in a certain time period by users that are participating in the Take a Note program.

Please note that we cannot fully prevent individuals from making screenshots, screen captures and using other means to potentially illicitly store your shared content outside of the app. You may also decide to delete your account or send us your data deletion request via a free form email to privacy@robinsnote.com.

3.3 Sharing photos and recordings made by your feeder and other related data with international research entities

Summary: We may also disclose certain photos/recordings or other data (such as non-precise feeder location data, timestamps, etc.) to scientific organizations involved in data processing that is tied to archiving in the public interest, scientific or historical research purposes or statistical purposes (i.e. international ornithology research organizations). We shall only do so when you have either explicitly authorized us to do so (i.e. gave us your explicit consent) or where we or our research partners might have legitimate interests in processing this data for research purposes that are in the public interest. We shall endeavor to put sufficient data protection measures in place prior to sharing your data with researchers and strive towards only offering data which had been either minimized or had been sufficiently and irreversibly anonymized.

When: When scientific organizations involved in data processing for archiving in the public interest, scientific or historical research purposes or statistical purposes (hereinafter together also referred to as ‘scientific research’) reach out to us with a request for using photos/recordings or other data (such as non-precise feeder location data, timestamps, etc.) in their scientific research.

Data: The photos/recordings or other data (such as non-precise feeder location data, timestamps, etc.) that is required for scientific research in a given case.

Purpose: The purpose that is tied to each particular case of scientific research is defined by the research organization. As per Article 89 of the GDPR we only cooperate with research organizations that can prove that they are seeking the data for purposes that are tied to archiving in the public interest, scientific or historical research purposes or statistical purposes.

Legal basis: Legitimate interest (when research is conducted in the public interest) or the consent of the individual owner of the feeder that took the photo/recording (when research is tied to purposes that are not strictly in the public interest or where appropriate safeguards cannot be sufficiently implemented due to the requirements of the particular research case).

Data retention: Until the expiration of the research period that is tied to a particular research case, whereby all research entities that we cooperate with need to fully disclose and prove to a sufficient degree, that the data they require is actually tied to their research, that it shall be fully protected and minimized to the level that is strictly necessary for said research and that it shall only processed in connection with their research and for the least amount of time that is viable for the particular research case.

Should you request that none of your data is ever included in any research program, feel free to send us your request via a free form email to privacy@robinsnote.com.

For more information on how we share and protect your data for research purposes, please see section 4.5.2 of this notice.

4. Additional general information

4.1 How we might obtain your personal data

Summary: We use different methods to collect data from and about you, including: Direct interactions, Automated technologies or interactions, Third parties or publicly available sources.

Direct interactions

You may give us information about you by filling in forms or by communicating with us by phone, email or otherwise. This includes information you might provide when creating an account in order to use our app, subscribe to our newsletter, search for a product online with a tracking cookie from our partners installed on your device, place an order through our website, enter one of our competitions, promotions or surveys and when reporting a problem with our website or a bug in our app.

Automated technologies or interactions

As you interact with our website, we may automatically collect technical data about your device, browsing actions and patterns by using cookies and other similar technologies as specified above in section 2 of this notice and in our Cookie Policy.

We may also receive information that relates to you (or another individual) if such information had been recorded with your feeder when it detected activity with its sensors and started making and storing photos / recordings and using our machine learning algorithms to analyze them (see point 3.2.1 of this notice).

Third parties or publicly available sources

We may receive information about you if you visit other websites that place tracking cookies from our partners on your device (see our Cookie Policy to find out more). You may also post some of your information publicly online (i.e. post one of your postcards to our social media pages or profiles) whereby we may process your social media handle in order to reach out to you (i.e. to ask if you would be willing to allow us to use your postcard for our marketing purposes).

4.2. Additional explanations regarding the legal bases that we may use in order to carry out our processing activities from sections 2 and 3 of this notice:

4.2.1 When conducting processing activities in order to comply with a legal obligation

Summary: Our organization may occasionally process personal data for the purposes of complying with legal requirements and other regulations, especially those governing taxes, invoicing and payments (an example of this may include a court, inspector or other holder of public authority ordering our organization to provide it with access to certain information which may include personal data).

This may also be the case if someone else had filed for criminal or other legal procedures to be instituted against us by local or international law enforcement agencies or other tax and regulatory bodies, which might therefore contact our organization for additional details (e.g. when data from our database would have to be presented as evidence in criminal or civil proceedings, otherwise our organization would suffer material and irreparable damages). Note that we shall only fulfil such requests if specifically required by local or international law and shall adhere to anonymizing or at least minimizing any personal data that we are required to share.

In the above stated cases we will always strive to fulfil the request with full transparency, except in cases where this might not be possible as (in accordance with a particular request of an authorized body) notifying the public of such request might endanger the proceedings at hand.

4.2.2 When our processing activities are based on our legitimate interests or the legitimate interests of research entities with which we cooperate

Summary: In certain cases (i.e. when evaluating the threat of fraud), we may rely on our legitimate interests in order to process certain payment-, order- or account-related data or the legitimate interests of third (i.e. international research organizations) as described in sections 3.3. and 4.5.2 of this notice.

Our legitimate interests can also include instances where we process your personal data for our own internal business purposes and commercial interests, such as our own marketing activities (i.e. sending you marketing emails when you are our past customer unless consent is required under applicable laws, as described in point 2.3.1 of this notice), and offering additional customer and technical support.

Legitimate interests can also be displayed or claimed by third parties with which we cooperate (i.e. international research organizations) as described in sections 3.3. and 4.5.2 of this notice.

4.2.3 When our processing activities are based on your consent

Summary: When you will have given your consent for the processing of your data for one or more specific purposes (such as sending email marketing messages to new consenting customers as described in point 2.3.2 of this notice), your consenting to the processing of personal data is voluntary, whereby you may withdraw your consent at any time by contacting us at privacy@robinsnote.com (or by clicking the “unsubscribe” link found in each of our marketing emails). If you do not provide personal data or if you withdraw your consent, this may mean that we will not always be able to fulfil the purposes for which we had collected the data.

Where consent has been withdrawn, we shall delete/anonymize any data we or our processors/service providers have kept on the basis of your consent.

4.2.4 When processing activities are necessary for the performance/negotiating of a contract

Typical situations as mentioned in sections 2 and 3 of this notice include your acceptance of our terms of sale when purchasing our products and your acceptance of our End User License Agreement when setting up your account.

This also includes instances when we need to communicate (i.e. negotiate) with you so that you may decide to enter into a contract with us (i.e. buy our product, accept a job position with us, etc.).

4.3 How long do we store your personal data and when do we delete/anonymize it?

Summary: choosing the “Remove” option in relation a photo/recording in the app does not immediately cause the permanent deletion of such data, since under the End User License Agreement we reserves the right to store and process photos/recordings that have been added or removed from a user’s collection in order to improve our machine learning models until such data is permanently removed (i.e. deleted) by you.

Should you decide to permanently remove (i.e. delete) a photo/recording please navigate to the relevant content/account deletion options in the app or contact us at privacy@robinsnote.com, whereby we may, in accordance with our legitimate interests and to the extent permitted by applicable laws, subject the data you wish to delete to algorithmic or manual anonymization (i.e. anonymizing (blurring) photo/recording backgrounds, sounds or otherwise editing the recordings, removing metadata, IP data, feeder ID data, non-precise feeder location data and other potential data in a way which shall irreversibly prevent the photo/recording from being attributable to you or any other person in any way), and continue storing and processing such anonymized data in connection with our machine learning models. All non-anonymized data will be permanently deleted.

Please also note that photos/recordings may also be shared with international research entities conducting ornithological or otherwise relevant research (see point 4.5.2 of this notice).

Our data retention periods depend on the legal basis and purpose of processing and are clearly stated for each type of data and data processing activity in sections 2 to 3 above (or in our Cookie Policy).

Unless otherwise stated, we generally keep personal data for as long as it is necessary to fulfil the purpose for which the data had been collected, or for as long as legal obligation or regulation requires us to keep the data. After that, the data is deleted or anonymized, as mentioned above.

Our organization undertakes to immediately remove any unnecessary data or data for which it has no legal grounds for processing/storing or regarding which the data retention periods have been exceeded.

4.4 Who might process your personal data and who do we share it with

4.4.1 Certain employees within our organization or subsidiaries and affiliated organizations

Summary: Your personal data is processed by individual employees of our organization or our external collaborators.

Your personal data is processed by individual employees of our organization or our external collaborators (hereinafter: “employees”). Employees of our organization process only the personal data that they need for their work, but they can also share it with each other if their work tasks and the internal rules of our organization allow them to do so. All of our employees are committed to confidentiality and the protection of personal data.

Based on certain corporate events or changes in the ownership or structure of our organization (i.e. our company being acquired) your data may also be shared with our subsidiaries or affiliate companies (both present and future). This includes instances such as corporate divestitures, mergers, consolidations, acquisitions, reorganizations, or any other situation involving the transfer or disposal of our business or assets, as well as the business or assets of our affiliates/subsidiaries. This may also apply in the context of bankruptcy or similar proceedings.

4.4.2 Public authorities

In certain cases, as prescribed by applicable law, our organization must hand over your personal data to the competent state authorities which may have explicit legal grounds for reviewing certain data in the context of criminal, financial, tax or other types of official procedures/supervision. In certain cases, our organization is compelled to provide data to third parties if such an obligation to provide or disclose the data is imposed on our organization by law or on the basis of a valid legal right of a third party (see point 4.2.1 of this notice).

4.4.3 Our processors/service providers

In addition to the employees in our organization, employees of entities that we engage so that they help us achieve the processing purposes described in sections 2 and 3 of this notice (hereinafter: “processors/service providers”), may also process personal data as confidential and only within the scope of the data processing agreement/standard contractual clauses, which have been concluded/put in place in relation to the processors/service provider in question.

The processors/service providers may only process personal data in accordance with the relevant data processing agreement/standard contractual clauses, and may not use the data to pursue any other purpose or interest.

To obtain a detailed list of all of our processors/service providers, which data they process, the purposes we employ their processing/services for, as well as how we keep your data safe when engaging them, feel free to reach out to us at privacy@robinsnote.com.

The processors/service providers with whom we cooperate for providing our products and services (as per section 2 and 3 of this notice) are:

a) Processors/service providers that we may engage in connection with data processing activities that relate to our websites, communication, sales and delivery of our products, our general marketing and other company operations

Cookie providers: We use third party necessary, analytical and advertising cookie providers which are listed in our dedicated Cookie Policy.

Payment facilitators: We use payment facilitators such as:

Shopify Inc. (https://www.shopify.com/legal/privacy/app-users),

MasterCard International, LLC. (https://www.mastercard.us/en-us/),

Stripe Inc. (https://stripe.com/en-si/legal/privacy-center)

PayPal Holdings Inc. (https://www.paypal.com/us/legalhub/)

Apple Inc. (https://www.apple.com/legal/privacy/data/en/apple-pay/)

Alphabet Inc. (https://payments.google.com/payments/)

Delivery providers: We use different delivery/logistics services, depending on your location, such as:

The United States Postal Service (https://about.usps.com/who/legal/privacy-policy/)

FedEx Corporation (https://www.fedex.com/en-us/trust-center/global-privacy)

DHL (https://lot.dhl.com/privacy-notice/)

Our website/web store provider: Our website and its online store are built on and partially provided by Shopify Inc. (https://www.shopify.com/legal/privacy/customers), whereby you might be sharing your contact and order information/payment information (when using the ShopPay payment module to order your product from our website)/delivery location information as well as other potential information with Shopify Inc. and its partners when purchasing products or otherwise interacting with our website (see the relevant parts of section 2 of this notice to learn more).

Other apps and plugins we might use in connection with our website or communication channels: please reach out to us at the email provided below to learn more.

b) Processors/service providers that we may engage in connection with data processing activities that relate to the RobinsNote: Smart Bird Feeder and corresponding RobinsNote: Smart Bird Feeder iOS and Android applications

Third-party “social log-in” providers: As mentioned in points 3.1.2 to 3.1.4 of this notice, we offer third-party “social log-in” as a fast and easy way of signing into our app, whereby using this sign-in method might mean that in addition to our registration and general app usage purposes, your data might also be processed for analytical or marketing purposes by the provider of the social log-in service. See when and how this might be applicable in the relevant sections above or check out the privacy policy of the relevant provider here:

Meta Platforms Inc.: https://www.facebook.com/privacy/policy/

Alphabet Inc.: https://policies.google.com/privacy?hl=en-US

Apple Inc.: https://www.apple.com/legal/privacy/data/en/apple-id/

Analytics providers: We use third party analytics such as Mixpanel for the purposes of delivering our services and conducting analyses and research. To obtain more information about how your data is being processed, see their terms of service at: https://mixpanel.com/legal/privacy-policy/.

Hosting our app and protecting stored data: We use Amazon Web Services llc. (AWS) as our dedicated cloud hosting provider. The servers AWS employs in connection with the data that it stores for us are protected by specialised data security measures and dedicated services, such as the AWS CloudHSM and the AWS Key Management Service, which allow us to securely generate and manage data encryption keys. We also use AWS Config and AWS CloudTrail for monitoring and logging capabilities. To obtain more information on how said company may process the data we share with it, please see their privacy policy at https://aws.amazon.com/privacy/

Dedicated customer support messaging: We offer a dedicated external customer support tool which allows users to obtain fast responses to their questions and technical issues, whereby this service is provided to us by Zendesk Inc. To obtain more information on how said company may process the data we share with it, please see their privacy policy at https://www.zendesk.com/company/agreements-and-terms/privacy-notice/.

c) Other third-party service providers that we use for debugging, general app functioning and machine vision (i.e. bird recognition) purposes

Sentry: Our app uses Sentry software for tracking bugs, whereby this service is provided to us by Functional Software Inc. To obtain more information on how said company may process the data we share with it, please see their privacy policy at https://sentry.io/terms/#privacy.

Firebase Services: The App uses Firebase software for notifications and loading remote configurations, whereby this service is provided to us by Alphabet Inc. To obtain more information on how said company may process the data we share with it, please see their privacy policy at https://firebase.google.com/support/privacy

Lightstep: Our app uses Lighstep software for backend monitoring (debugging, tracking server events and requests), whereby this service is provided to us by Lightstep Inc., a subsidiary of ServiceNow Inc. To obtain more information on how said company may process the data we share with it, please see their privacy policy at https://lightstep.com/privacy-policy

Grafana Cloud: Our app uses Grafana Cloud software for on-call operations, application logs, application metrics and infrastructure monitoring, whereby this service is provided to us by Raintank Inc. To obtain more information on how said company may process the data we share with it, please see their privacy policy at https://grafana.com/legal/privacy-policy/?plcmt=footer

V7: Our app uses the V7 data platform for computer vision which assists our AI bird recognition, whereby this service is provided to us by V7 Ltd. To obtain more information on how said company may process the data we share with it, please see their privacy policy at https://www.v7labs.com/terms/security

d) Other companies or individual consultants we may engage or cooperate with in the provision of our services that may need access to certain parts of your data

Consultants who cooperate with our organization on the basis of relevant business and data processing agreements so that they can provide us with their accounting, legal, marketing, HR and other consulting services.

External IT system maintenance providers and/or platform/service developers who cooperate with our organization on the basis of relevant business and data processing that may gain limited access to our back-end or databases.

Other apps and plugins we might use in connection with the RobinsNote: Smart Bird Feeder and corresponding RobinsNote: Smart Bird Feeder iOS and Android applications: please reach out to us at privacy@robinsnote.com.

4.5 Transferring personal data to third countries and international organizations / research organizations and measures for protecting such transferred data

4.5.1 Engaging contractual processors/service providers have their place of business registered in the USA or in other “third countries”

Summary: We operate globally and are thereby obliged to transfer your personal information to our main entity which is registered in the USA. The sale of our products and the provision of our services also require that we engage contractual processors/service providers as specified in sections 2 to 3 and point 4.4, whereby many of these processors/service providers have their place of business registered in the USA (or in other non-EEA countries where the GDPR is not applicable or where the requirements of the GDPR are not adequately reflected in national privacy laws, as the case may be).

As stated above, many of our processors/service providers have their place of business registered in the USA (or in other non-EEA countries where the GDPR is not applicable or where the requirements of the GDPR are not adequately reflected in national privacy laws, as the case may be) (hereinafter: “third countries”).

As stated above, we thereby regularly engage contractual processors/service who may process personal data on our behalf in third countries, whereby we only do so with the appropriate safeguards in place so that your data is safe and your data subject rights are respected.

Following decision C-311/18 (Schrems II) of the CJEU and the fall of the EU-US Privacy Shield we have reached out to our US-based processors/service providers and decided on alternative safeguards on a case-by-case basis in accordance with the guidance of the European Data Protection Board.

Where we could not put in place such appropriate safeguards (such as standard contractual clauses, data encryption, automated data deletion intervals, etc.), we ask for your specific consent before processing/sharing your data. More details on third country service providers and the measures taken to ensure your rights can be found in point 4.4 of this notice.

In addition to the purposes and providers listed in sections 2, 3 and point 4.4 of this notice, your data may also effectively be considered as transferred (i.e. disclosed) in the following situations, where we might have legitimate interests in buying/selling our assets in connection with entities that are registered in third countries:

If we sell or buy any business or assets, we may disclose your personal data to the prospective seller or buyer of such business or assets that may be registered in a third country (whereby we shall only do so if all applicable confidentiality and security requirements are offered to us by any potential buyer and their organization). Please note that we shall only do so if all applicable confidentiality and security requirements are offered to us by any potential buyer and their organization and shall never disclose any data in this way if the processing of such data had been carried out on the basis of your explicit consent.

If all or a substantial part of our assets are acquired by a third party that may be registered in a third country whereby our assets may include parts of your data. Please note that we shall only do so if all applicable confidentiality and security requirements are offered to us by any potential buyer and their organization and shall never disclose any data in this way if the processing of such data had been carried out on the basis of your explicit consent.

Your data may also effectively be considered as transferred (i.e. disclosed) if we are required on the basis of EU law or the law of a Member State to disclose or share your personal data with an international organization / public authority or other entity that might be registered in a third country, whereby we are required to do so to comply with a legal obligation.

4.5.2 Disclosing data to international research organizations

Summary: We may also disclose certain photos/recordings or other data (such as non-precise feeder location data, timestamps, etc.) to scientific organizations involved in animal research (i.e. international ornithology research organizations).

We shall only do so when you have either explicitly authorized us to do so (i.e. gave us your explicit consent) or where we or our research partners might have legitimate interests in processing this data for research that is in the public interest.

We shall endeavor to put sufficient data protection measures in place prior to sharing your data with researchers and strive towards only offering data which had been either minimized or sufficiently and irreversibly anonymized (i.e. anonymizing (blurring) postcard/recording backgrounds, removing photo/recording metadata / IP data / feeder ID data, non-precise feeder location data and other potential data in a way which shall prevent the postcard or recording from being attributable to you in any way).

Please note that certain data may not always be anonymized (such as non-precise feeder location data) as this could make the content unusable or unsuitable for the particular research purpose in question. In these situations we shall conduct a “Legitimate Interest Assessment” and shall consider what implications sharing such content for the purposes of a particular research program might have for you as an individual.

In cases where anonymization of certain parts of the data might compromise the research purposes that are being pursued by the research organization, we shall either obtain the prior explicit consent of all applicable users prior to sharing their data or implement other sufficient safeguards.

If the research organization in question is registered or set up in a third country, we shall put in place the same appropriate safeguards (such as standard contractual clauses, data encryption, automated data deletion intervals, etc.) that we employ with our other third country processors/service providers (as stated above in point 4.5.1) or ask for your specific consent before processing/sharing your data.

You can obtain more detailed information on specific data transfers, safeguards and potential third country processors/service providers or research organizations we may be cooperating with by sending your questions to privacy@robinsnote.com.

4.6 Processing special categories of personal data

We do not knowingly process special categories of personal data.

4.7 What rights do you have in connection with your personal data and how can you exercise them?

You can contact us at any time and without hesitation at privacy@robinsnote.com in connection with this notice or regarding the processing of your personal data by our organization and our processors/service providers.

You can also contact us at the email mentioned above in order to send us your specific requests and for exercising your other rights which relate to your personal data and applicable local legislation or the GDPR. If we have reasonable doubts concerning your identity, we may request additional information to verify your identity.

As a data subject of the EEA, the GDPR gives you the opportunity to exercise the following rights with our organization as the controller of your personal Data: Right of access, Right to rectification, Right of objection, Right to data portability, Right to restrict data processing, Right of erasure (“right to be forgotten”), Right to refuse or withdraw consent, Automated decision-making, Right to lodge a complaint with a supervisory authority.

Right of access

You have the right to obtain confirmation from us on whether personal data or personally identifiable information is being processed by us or our processors/service providers and the right to obtain a copy of your personal data that is being processed.

Right to rectification

You have the right to request the rectification of inaccurate personal data and to have incomplete data completed.

Right of objection

You have the right to object to the processing of your personal data for compelling and legitimate reasons relating to your particular situation, except in cases where legal provisions expressly provide for that processing. You also have the right to object/opt out of the processing of your personal data for direct marketing purposes by clicking on the unsubscribe link at the bottom of our marketing emails or by contacting us at privacy@robinsnote.com.

Right to data portability

You have the right to receive the personal data that you have provided to us in a structured, commonly used and machine-readable format, and have the right to transmit it to other data controllers without hindrance. This right only exists if the processing is based on your consent or a contract and the processing is carried out by automated means.

Right to restrict data processing

You have the right to request the restriction of processing your personal data in certain cases.

Right of erasure (“right to be forgotten”)

You may request to erase your personal data if (i) it is no longer necessary for the purposes for which we had collected it, (ii) you have withdrawn your consent and no other legal ground for processing exists, (iii) you objected and no overriding legitimate grounds for processing exist, (iv) the processing is unlawful, or erasure is required to comply with a legal obligation.

Right to refuse or withdraw consent

In case we request your consent for processing, you are free to refuse it and can withdraw it at any time without any adverse negative consequences by contacting us at privacy@robinsnote.com. The lawfulness of any processing of your personal data that occurred prior to the withdrawal of your consent will not be affected.

Automated decision-making

Under the GDPR you have the right not to be subject to decisions based solely on automated processing and have the right to be given more information about why any such decision has been made. Note that this is currently not applicable to our processing activities (see 4.8 of this notice).

Right to lodge a complaint with a supervisory authority

If you believe that the processing of personal data performed in connection with you by our organization as the controller violates personal data protection regulations, you may, without prejudice to any other (administrative or other) remedy, lodge a complaint with the supervisory authority, in particular in the country where you have your habitual residence, your place of work or where the infringement is alleged to have taken place.

4.8 Existence of automated decision-making and profiling

At the time of the publication of this notice, we do not carry out automated decision-making activities as referred to in Article 22(1) and (4) of the GDPR in connection with our websites, products and services.

Should this change, we will update this notice, and both inform you and make clear that you have the right not to be subject to decisions based solely on automated processing and shall give more information about why any such decision has been made.

4.9 Processing the personal data of persons under 16 years of age

Our organization does not knowingly collect or otherwise process the personal data of persons under 16 years of age, as our products and services are not intended or directed towards such persons. However, our organization may collect personal data regarding children below the age of 16 years of age directly from their parent or guardian, and with that person’s explicit consent.

If our organization subsequently finds out that it has processed the personal data of such a person without the consent of their parent or guardian, our organization shall do everything necessary to delete all provided personal data.

At the address privacy@robinsnote.com, the above described persons or their parents or guardians shall be able to submit their requests for the deletion of the data concerned at any time.

4.10 Who can you contact for further clarification regarding the processing of personal data in our organization and regarding your rights?

You can contact us at any time and without hesitation at privacy@robinsnote.com.

4.11 Security and protection of personal data

Summary: Our organization carefully stores and protects personal data through organizational, technical and logical procedures and measures to protect data from accidental or intentional unauthorized access, destruction, alteration or loss, and unauthorized disclosure or other form of processing not explicitly stated in sections 2, 3 and point 4.4, or to which you have not expressly consented to.

To this end, our organization has also adopted appropriate internal processes and set up various measures (e.g. assigning, using and changing passwords, locking premises, offices, server and workstation locations, regularly updating software and upgrading security-critical components, the physical protection of materials/data carriers containing personal data in specially designated places, the training of employees, etc.). Our organization also demands these security commitments from its contractual processors.

5. Privacy information for California residents

5.1 Applicability of this section

If you are a California resident (as defined in section 17014 of Title 18 of the California Code of Regulations), California law requires us to provide you with some additional information regarding your rights with respect to your “personal information” as defined in the CCPA.

5.2 Information on whether we disclose or sell personal data of CA residents

Summary: In the preceding twelve (12) months we have not sold any personal information prior to the last update that had been made to this notice.

We disclose your personal information for a business purpose to the following categories of third parties: our subsidiaries or affiliated companies (i.e. businesses that are related to or associated with our company through common ownership, control, or some form of contractual relationship) our other processors/service providers (see point 4.4 of this notice), third parties to whom you or your agents authorize us to disclose your personal information in connection with products or services we provide to you (when we engage such affiliates/service providers as controllers and when data processing is being carried out by them for our own lawful purposes that had been previously communicated to you and when a data protection agreement is in place).

We have disclosed the following categories of personal data for a business purpose in the 12 months prior to the last update that had been made to this notice: identifiers, demographic information, commercial information, internet or other electronic network activity information, non-precise feeder location data, audio, electronic, visual, or similar information, professional or employment-related information, inferences drawn from any of the previously stated information.

We only disclose your personal data to third party processors/service providers in order to achieve the purposes of the processing activities described in sections 2, 3 and point 4.4 of this notice or when you have consented to such disclosure, whereby such third-party processors/service providers have concluded a data processing agreement with us (or offered similar safeguards) to ensure your rights are respected. A list of our third-party processors/service providers can be found in point 4.4 of this notice or obtained by reaching out to us via the email or phone number listed at the end of this section.

5.3 Information on the rights of CA residents

Summary: The CCPA provides Californian residents with the following rights: Right to know, Right to delete, Right to opt out, The right to non-discrimination.

Right to know (i.e. request disclosure of any personal information we have collected about you).

You have the right to request the disclosure of the categories of personal information we have collected from you, along with the categories of sources from which they have been collected, the purpose of their collection, the categories of third parties with whom we have shared your personal information (“Categories Report”), and the specific pieces of personal information that have been collected (“Specific Pieces Report”).

You may request that we disclose which personal information we have collected, used, shared, or sold in relation to you, and why we have collected, used, shared, or sold that information. Specifically, you may request that we disclose:

The categories of personal information collected.

Specific pieces of personal information collected.

The categories of sources from which we have collected the personal information.

The purposes for which we have used the personal information.

The categories of third parties with whom we have shared the personal information.

The categories of information that we sell or disclose to third parties.

We shall provide you this information for the 12-month period preceding your request. We shall provide you this information free of charge.

To request the above stated information, please send your request to privacy@robinsnote.com. Please allow 45 days for our response. For your protection and the protection of all of our users, we may ask you to provide proof of identity before we can oblige such a request.

Right to delete (i.e. request deletion of any personal information that we have collected from you).

After we have verified your request to delete your personal information, we shall delete it from our servers/records and direct any of our processors/service providers to delete your personal information from their servers/records, except when certain exemptions from the relevant parts of the CCPA are applicable (e.g. in cases where the personal information is necessary so that we may continue to provide our services), such as the continued training of our machine learning and bird recognition algorithms on your postcards / recordings (especially when they do not contain any personally identifiable information) and in order to detect security incidents, to identify and repair errors that impair existing intended functionalities of our products and services, to engage statistical research in the public interest (i.e. our cooperation with international ornithology research organizations as mentioned in point 4.5.1 of this notice, or to comply with a legal obligation).

Right to opt out (of the sale of your personal information).

You may request that we stop selling your personal information, whereby this is currently not applicable as we do not currently sell any personal information.

The right to non-discrimination (when exercising your CCPA rights).

We will not discriminate against you in any manner prohibited by applicable law for exercising your CCPA rights (as listed above).

5.4 Information on how CA residents may contact us in order to exercise their rights

In addition to contacting us through our dedicated email address privacy@robinsnote.com, you can also exercise any rights under the CCPA or request further information regarding your rights by calling us at (269) 250 4661 during our official office hours, whereby standard rates may apply.

6. Document version and updates

Version and date of the last update of this notice

The text of this notice represents version 1.0. of this document.

This notice was last updated on January 15, 2024.