LEGAL INFORMATION

If you have any questions regarding our legal information, feel free to drop us a line at the Contact Us page

Last updated: [Nov.4, 2024]

This Privacy Policy describes our policies and procedures on the collection, use and disclosure of your information when you use the Service and tells you about your privacy rights and how the law protects you.

We use your Personal Data to provide and improve the Service. By using the Service, you agree to the collection and use of information in accordance with this Privacy Policy.

We take the protection of your personal and sensitive data seriously, and treat your data in accordance to applicable data protection regulations.

This privacy policy has been developed in line with the provisions of the Bahrain Personal Data Protection Law (No. 30 of 2018) ("PDPL") which came into effect on 1 August 2019.

Information provided by you on behalf of a wholly or partially incompetent data owner shall be considered within the limits of the law of Bahrain if you are the legal guardian, executor or custodian of the data owner. By using the Service, you confirm that you are the data owner or the legal guardian, executor or custodian of any individual for whom you provide data.

It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes at any time.

1. Interpretation and Definitions
Interpretation
The following definitions shall have the same meaning regardless of whether they appear in singular or in plural.

Definitions

For the purposes of this Privacy Policy:

Account means a unique account created for you to access our Service or parts of our Service.

Affiliate means an entity that controls, is controlled by or is under common control with a party, where "control" means ownership of 50% or more of the shares, equity interest or other securities entitled to vote for election of directors or other managing authority.

Application means the software program provided by the Company which may be downloaded by you on any electronic device, named ChillUP.

Company (referred to as either "the Company", "we", "us" or "our" in this Agreement) refers to CHILLUP MOBILE APPLICATION W.L.L, Office 31, Entrance 1711, Road 085, Budaiya Highway, Maqabah, Block 0505, Bahrain.

Country refers to the Kingdom of Bahrain.

Device means any device that can access the Service such as a computer, a cellphone or a digital tablet.

PDPL means the personal data protection law of Bahrain (Law No. 30 of 2018);

Personal Data is any information that relates to an identified or identifiable individual.

Sensitive Personal Data is any personal information that reveals, directly or indirectly, the individual's race, ethnicity, political or philosophical views, religious beliefs, union affiliation, criminal record or any data related to his/her health or sexual life.

Service refers to the operation by us and your use of the Application and our Website.

Service Provider means any natural or legal person who processes the data on behalf of the Company. It refers to third-party companies or individuals employed by the Company to facilitate the Service, to provide the Service on behalf of the Company, to perform services related to the Service or to assist the Company in analysing how the Service is used.

Usage Data refers to data collected automatically, either generated by the use of the Service or from the Service infrastructure itself (for example, the duration of a page visit).

Website means chillup.app which is the Company's website.

You means the individual accessing or using the Service, or the company, or other legal entity on behalf of which such individual is accessing or using the Service, as applicable.

2. Data Protection Principles

We will comply with the PDPL. This says that the personal information we hold about you must be: 

  • used lawfully and fairly;
  • collected only for a lawful purpose that we have explicitly specified to you and not used in any way that is not compatible with the purpose for which it was collected;
  • adequate, relevant and not excessive for the purposes for which it was collected;
  • correct, accurate and kept up to date;
  • kept only as long as necessary for the purposes identified; and
  • kept securely.

3. Collecting and Using Your Personal Data
Types of Data Collected
Personal Data

While using our Service, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you. Personal Data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data). Personally identifiable information may include, but is not limited to:

  • email address;
  • date of birth;
  • gender;
  • title, first name, middle names and last name;
  • phone number; and
  • usage data.
Sensitive Personal Data

Sensitive Personal Data, such as information about your health, racial or ethnic origin, require higher levels of protection. We do not intentionally collect Sensitive Personal Data, however, we may collect and process Sensitive Personal Data in the following circumstances:

  • with your explicit written consent; 
  • where we need to carry out our legal obligations;
  • where it is needed to conduct or defend any proceedings; and
  • where it is needed in the public interest.

Less commonly, we may process this type of information where it is needed in relation to legal claims or where it is needed to protect your interests (or someone else's interests) and you are not capable of giving your consent, or where you have already made the information public.

Usage Data

Usage Data is collected automatically when using the Service.

Usage Data may include information such as your Device's Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Service that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers and other diagnostic data.

When you access the Service by or through a mobile device, we may collect certain information automatically, including, but not limited to, the type of mobile device you use, your mobile device unique ID, the IP address of your mobile device, your mobile operating system, the type of mobile Internet browser you use, unique device identifiers and other diagnostic data.

We may also collect information that your browser sends whenever you visit our Service or when you access the Service by or through a mobile device.

Use of Your Personal Data

We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so. Please note that we may process your personal information without your knowledge or consent, in compliance with the rules contained herein, where this is required or permitted by law.

The Company may use Personal Data for the following purposes:

  • To provide and maintain our Service, including to monitor the usage of our Service.
  • To manage Your Account: to manage your registration as a user of the Service. The Personal Data you provide can give you access to different functionalities of the Service that are available to you as a registered user.
  • For the performance of a contract: to administer our relationship and maintain contractual relations and for the development, compliance and undertaking of the purchase contract for the products, items or services you have purchased or of any other contract with us through the Service.
  • To contact you: to contact you by email, telephone calls, SMS, or other equivalent forms of electronic communication, such as a mobile application's push notifications regarding updates or informative communications related to the functionalities, products or contracted services, including the security updates, when necessary or reasonable for their implementation.
  • To provide you with news, special offers and general information about other goods, services and events which we offer that are similar to those that you have already purchased or enquired about unless you have opted not to receive such information.
  • To manage your requests: To attend and manage your requests to us.
  • To deliver targeted advertising to you: we may use your information for marketing and business development and to develop and display content and advertising (and work with third-party vendors who do so) tailored to your interests and/or location and to measure its effectiveness.
  • For business transfers: we may use your information to evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which Personal Data held by us about our Service users is among the assets transferred.
  • For other purposes: we may use your information for other purposes, such as data analysis, identifying usage trends, determining the effectiveness of our promotional campaigns and to evaluate and improve our Service, products, services, marketing and your experience.
  • Legal Obligation: where we need to comply with a legal obligation or where it is needed in the public interest or for official purposes.

We may share your personal information in the following situations:

  • With Service Providers: we may share your personal information with Service Providers to monitor and analyze the use of our Service, to advertise on third-party websites to you after you visited our Service, for payment processing, to contact you.
  • For business transfers: we may share or transfer your personal information in connection with, or during negotiations of, any merger, sale of Company assets, financing, or acquisition of all or a portion of our business to another company.
  • With Affiliates: we may share your information with our affiliates, in which case we will require those affiliates to honour this Privacy Policy. Affiliates include our parent company and any other subsidiaries, joint venture partners or other companies that we control or that are under common control with us.
  • With business partners: we may share your information with our business partners to offer you certain products, services or promotions.
  • With other users: when you share personal information or otherwise interact in the public areas with other users, such information may be viewed by all users and may be publicly distributed outside.
  • With your consent: we may disclose your personal information for any other purpose with your consent.
  • With courts, police or other legal or regulatory authorities: we may disclose your personal information to courts, police or other legal or regulatory authorities if we are required to do so by law or by court order.
Information Collected while Using the Application

While using our Application, in order to provide features of our Application, we may collect, with your prior permission, information regarding your location.

We use this information to provide features of our Service, to improve and customize our Service. The information may be uploaded to the Company's servers and/or a Service Provider's server or it may be simply stored on your device.

You can enable or disable access to this information at any time, through your Device settings.

4. Failing to Provide Information

If you fail to provide certain information when requested, we may not be able to perform the contract we have entered into with you, or we may be prevented from complying with our legal obligations.

5. Retention of your Personal Data and Usage Data 

The Company will retain your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy. We may store your Personal Data in both physical and digital formats. We will retain and use your Personal Data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, accounting or reporting purposes and to enforce our legal agreements and policies

To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

In some circumstances we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you. Once you are no longer a user of our services, we will retain and securely destroy your personal information in accordance with our data retention policy.

The Company will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy and the transfer of personal will take place to an organisation/country outside of Bahrain there will be adequate controls in place to secure your data.  

6. Data Disclosure

We will only disclose your Personal Data to third-parties outside of Bahrain in the following circumstances:

when explicitly requested by you;
to perform our obligations under a contractual arrangement with you; or
as compelled by a court order or by any other legal or regulatory requirement.
Third-party recipients of personal data may include:

professional advisors such as law firms, tax advisors or auditors;
insurers;
audit regulators;
tax and customs and excise authorities;
regulatory and other professional bodies;
the courts, police and law enforcement agencies;
government departments and agencies;
service providers;
emergency services.
Our Website may include links to third-party websites, plug-ins and applications which are not maintained or controlled by us. Clicking on those links or enabling those connections may allow third-parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. 

7. Transfer of your Personal Data

The PDPL sets out the circumstances under which Personal Data may be transferred outside of Bahrain. Except in the circumstances described in above section “Data Disclosure”, where you have explicitly consented to your personal data being disclosed to any third-party or parties, we will only disclose your personal data to such third-party or parties where they have undertaken, in advance and in writing, to maintain the confidentiality, integrity and security of the personal data concerned, in accordance with applicable laws.

Certain personal data will be transferred outside Bahrain in order to provide the Services to you. We minimise the quantity and type of personal data that must be transferred in this manner. If we do transfer your personal information outside of Bahrain, you can expect a similar degree of protection in respect of your personal information.

Your information, including Personal Data, is processed at the Company's operating offices and in any other places where the parties involved in the processing are located. It means that this information may be transferred to — and maintained on — computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ than those from your jurisdiction.

Your consent to this Privacy Policy followed by your submission of such information represents your agreement to that transfer.

The Company will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy and no transfer of your Personal Data will take place to an organization or a country unless there are adequate controls in place including the security of your data and other personal information.

8. Your Legal Rights

Under the provisions of the law in Bahrain, you are provided with the following rights in relation to the processing of your Personal Data:

You have the right to request and obtain information on your Personal Data that we hold and the purpose for which it is maintained by us.
You have the right to object to being contacted by us for direct marketing purposes. On receipt of such objection, we will ensure that you are removed from the relevant marketing databases, as applicable. To opt-out from the receiving direct marketing communications, please contact us at any time at [email protected].
You may submit an application to request to rectify, block or erase your Personal Data, as the case may be, if the processing thereof is done in contravention of the provisions of the law, and in particular, if the data is incorrect, incomplete or not updated, or if the processing thereof is illegal.
At any time, subsequent to providing consent, you have the right to withdraw the consent provided. Withdrawal of consent will be applicable to future use of the Personal Data and will not in any way impact legitimate use of the personal information prior to the withdrawal of the consent. Withdrawal of consent to process certain Personal Data relating to the Services provided by us may result in our inability to continue the provision of those Services.
You may submit a complaint to the Personal Data Protection Authority of Bahrain.
To exercise your rights under the law, you may be required to authenticate yourself with adequate proof of identity. This is another security measure to ensure that personal information is not disclosed to any person who has no right to receive it.

9. Disclosure of Your Personal Data

Business Transactions

If the Company is involved in a merger, acquisition or asset sale, your Personal Data may be transferred. We will provide notice before your Personal Data is transferred which becomes subject to a different Privacy Policy.

Law enforcement

Under certain circumstances, the Company may be required to disclose your Personal Data if required to do so by law or in response to valid requests by public authorities (e.g. a court or a government agency).

Other legal requirements

The Company may disclose your Personal Data in the good faith belief that such action is necessary to:

comply with a legal obligation;
protect and defend the rights or property of the Company;
prevent or investigate possible wrongdoing in connection with the Service;
protect the personal safety of Users of the Service or the public;
protect against legal liability.

10. Security of your Personal Data

The security of your Personal Data is important to us, but remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security.

11. Detailed Information on the Processing of your Personal Data

The Service Providers we use may have access to your Personal Data. These third-party vendors collect, store, use, process and transfer information about your activity on our Service in accordance with their Privacy Policies.

12. Data security

We have put in place measures to protect the security of your information. Details of these measures are available upon request.

Third parties will only process your personal information on our instructions and where they have agreed to treat the information confidentially and to keep it secure. 

We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

13. Email Marketing

We may use your Personal Data to contact you with newsletters, marketing or promotional materials and other information that may be of interest to you. You may opt-out of receiving any, or all, of these communications from us by following the unsubscribe link or instructions provided in any email we send or by contacting us.

We may use Email Marketing Service Providers to manage and send emails to you.

Mailjet
Their Privacy Policy can be viewed at https://www.mailjet.com/legal/privacy-policy/

14. Payments

We may provide paid products and/or services within the Service. In collecting payments for such products and/or services, we may use third-party services for payment processing (e.g. payment processors) including Tap (referred to below).

We will not store or collect your payment card details. That information is provided directly to our third-party payment processors whose use of your personal information is governed by their Privacy Policy. These payment processors adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, Mastercard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of payment information.

Tap
Their Privacy Policy can be viewed at https://www.tap.company/en-bh/privacy 

15. Behavioural Remarketing

The Company uses remarketing services to advertise to you after you accessed or visited our Service. We and our third-party vendors use cookies and non-cookie technologies to help us recognize your Device and understand how you use our Service so that we can improve our Service to reflect your interests and serve you advertisements that are likely to be of more interest to you.

These third-party vendors collect, store, use, process and transfer information about your activity on our Service in accordance with their Privacy Policies and to enable us to:

measure and analyze traffic and browsing activity on our Service;
show advertisements for our products and/or services to you on third-party websites or apps;
measure and analyze the performance of our advertising campaigns.
Some of these third-party vendors may use non-cookie technologies that may not be impacted by browser settings that block cookies. Your browser may not permit you to block such technologies. You can use the following third-party tools to decline the collection and use of information for the purpose of serving you interest-based advertising: 

[the NAI's opt-out platform: http://www.networkadvertising.org/choices/
the EDAA's opt-out platform http://www.youronlinechoices.com/
the DAA's opt-out platform: http://optout.aboutads.info/?c=2&lang=EN/
You may opt-out of all personalized advertising by enabling privacy features on your mobile device such as Limit Ad Tracking (iOS) and Opt Out of Ads Personalization (Android). See your mobile device Help system for more information.

We may share information, such as hashed email addresses (if available) or other online identifiers collected on our Service with these third-party vendors. This allows our third-party vendors to recognize and deliver you ads across devices and browsers. To read more about the technologies used by these third-party vendors and their cross-device capabilities please refer to the Privacy Policy of each vendor listed below.

The third-party vendors we use are:

Facebook
Facebook remarketing service is provided by Facebook Inc.

You can learn more about interest-based advertising from Facebook by visiting this page: https://www.facebook.com/help/516147308587266

To opt-out from Facebook's interest-based ads, follow these instructions from Facebook: https://www.facebook.com/help/568137493302217

Facebook adheres to the Self-Regulatory Principles for Online Behavioural Advertising established by the Digital Advertising Alliance. You can also opt-out from Facebook and other participating companies through the Digital Advertising Alliance in the USA http://www.aboutads.info/choices/, the Digital Advertising Alliance of Canada in Canada http://youradchoices.ca/ or the European Interactive Digital Advertising Alliance in Europe http://www.youronlinechoices.eu/, or opt-out using your mobile device settings.

For more information on the privacy practices of Facebook, please visit Facebook's Data Policy: https://www.facebook.com/privacy/explanation

Instagram
Their Privacy Policy can be viewed at https://help.instagram.com/519522125107875/?helpref=uf_share

16. Children's Privacy

Through the Service children under the age of 13 may participate in activities that involve the collection or use of personal information. 

We may limit how we collect, use, and store some of the information of between 13 and 18 years old. 

We may ask a User to verify its date of birth before collecting any personal information from them. If the User is under the age of 13, the Service will be either blocked or redirected to a parental consent process..


Information Collected from Children Under the Age of 13

The Company may collect and store persistent identifiers such as cookies or IP addresses from Children without parental consent for the purpose of supporting the internal operation of the Service.

We may collect and store other personal information about children if this information is submitted by a child with prior parent consent or by the parent or guardian of the child.

The Company may collect and store the following types of personal information about a child when submitted by a child with prior parental consent or by the parent or guardian of the child:

first and/or last name;
date of birth;
gender;
telephone number;
parent's or guardian's name;
parent's or guardian's email address.
For further details on the information we might collect, you can refer to the "Types of Data Collected" section of this Privacy Policy. We follow our standard Privacy Policy for the disclosure of personal information collected from and about children.

Parental Access

A parent who has already given the Company permission to collect and use his child personal information can, at any time:

review, correct or delete the child's personal information; and
discontinue further collection or use of the child's personal information
To make such a request, you can write to us using the contact information provided in this Privacy Policy.

17. Links to Other Websites

Our Service may contain links to other websites that are not operated by us. If you click on a third-party link, you will be directed to that third-party's site. We strongly advise you to review the Privacy Policy of every site you visit.

We have no control over and assume no responsibility for the content, privacy policies or practices of any third-party sites or services.

18. Changes to this Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page.

We will let you know via email and/or a prominent notice on our Service, prior to the change becoming effective and update the "Last updated" date at the top of this Privacy Policy.

You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

19. Contact Us

We take your privacy seriously. If you believe that there has been an alleged breach of privacy of your Personal Data or if you have any questions about this Privacy Policy, you can contact us by email at [email protected]