Welcome to the EATLAA Mobile Application (hereinafter the “APP”). This policy applies to you and EATLAA, the Developer of the APP, irrespective of your country of residence or location.

This Policy describes our privacy practices in plain language, keeping legal and technical jargon to a minimum to make sure you understand the information we collect, why we collect it, how it is used and your choices regarding your information.

The Data Controller

The person that is responsible for your information under this Privacy Policy (the “data controller”) is:

EATLAA PTE LTD

contact@eatlaa.com

Welcome to our Privacy Policy, which explains how we collect, store, protect and share your personal information and with whom we share it. We recommend that you read this privacy policy together with our terms and conditions. This Privacy Policy sits in line with Singapore’s Personal Data Protection Act (PDPA) and the EU`s General Data Protection Regulation (GDPR).

While you use the APP and our digital services, we collect some information about you. In addition, you may choose to use the APP to share information with other users.

Overview of processing operations

The following overview summarises the types of data processed and the purposes of their processing and refers to the data subjects.

Types of data processed

• Inventory data

• Content data

• Contact data

• Meta/communication data

• Usage data

Purposes of the processing

• Provision of the APP and user experience

• Direct marketing

• Contact requests and communication

• Reach measurement

• Security measures

• Provision of contractual services and customer service

• Administration and response to enquiries

Relevant legal basis

In the following, we inform you about the legal basis of the PDPA and the GDPR on the basis of which we process personal data. If more specific legal bases apply in individual cases, we will inform you of these in the privacy policy.

o   Consent - The data subject has given his/her consent to the processing of personal data relating to him/her for a specific purpose or purposes.

o   Performance of a contract and pre-contractual enquiries - Processing is necessary for the performance of a contract to which the data subject is a party or for the performance of pre-contractual measures carried out at the data subject's request.

o   Legitimate interests - Processing is necessary for the purposes of the legitimate interests of the controller or a third party, unless such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require the protection of personal data.

Security measures

We take appropriate technical and organisational measures in accordance with the law, taking into account the state of the art, the costs of implementation and the nature, scope, circumstances and purposes of the processing, as well as the different probabilities of occurrence and the level of threat to the rights and freedoms of natural persons, in order to ensure a level of protection appropriate to the risk.

The measures include, in particular, ensuring the confidentiality, integrity and availability of data by controlling physical and electronic access to the data as well as access to, input of, disclosure of, assurance of availability of and segregation of the data. We also have procedures in place to ensure the exercise of data subjects' rights, the deletion of data and responses to data compromise. Furthermore, we already take the protection of personal data into account in the development or selection of hardware, software and procedures in accordance with the principle of data protection, through technology design and through data protection-friendly default settings.

However, you must understand that no web site or Internet transmission is completely secure. Therefore, we can never guarantee that unauthorised access, hacking, data loss and other incidents can be completely excluded.

Your rights

The data protection laws in your country may give you the following rights:

·         Right to information: what personal data a company processes and why (this notice).

·         Right of access: You can request information about data collected.

·         Right to rectification: If data collected is not correct, you can ask for it to be corrected.

·         Right to erasure: Under certain circumstances, you can request the erasure of your data.

·         Right to restriction of processing: In certain circumstances, you can request the further processing of your data, but the data will remain stored.

·         Right to data portability: You can have the data collected about you transferred to another provider in a machine-readable format.

·         Right to object: In certain circumstances (including where your data is processed on the basis of legitimate interests or for marketing purposes) you may object to processing.

·         Rights in relation to automated case-by-case decisions, including profiling: This includes several rights where data is processed solely by automated means, and this has a legal or significant impact on an individual. In these circumstances, you have, among other things, the right to human intervention in the decision-making process.

If you wish to exercise any of the rights listed above, you can contact us by email at contact@eatlaa.com. For your protection and the protection of all our users, we may need to request certain information from you to help us confirm your identity before we can respond to the above requests.

If you feel that we have not resolved your concern, you have the right to make a complaint at any time. You can also contact your local data protection supervisory authority.

General app accesses

As with every server request, information such as IP address, user agent etc. is transmitted and stored anonymously in the server log for 30 days. The provision of personal data is neither legally nor contractually required, nor is it necessary for the conclusion of a contract. You are also not obliged to provide the personal data. However, failure to provide the data could result in you not being able to use our APP or not being able to use it to its full extent. The legal basis for this data processing is consent.

Network access data

The legal basis for this data processing is contract. Your data will be treated confidentially by us and deleted if you revoke the rights to use it or it is no longer required to provide the services and there is no legal obligation to retain it. The provision of network access data is necessary if you wish to make full use of our APP. However, failure to provide this data could result in you not being able to use our APP or not being able to use it to its full extent.

Installation of our APP

Our APP can be downloaded from the APP stores "Google Playstore". Downloading our APP may require prior registration with the respective APP store and installation of the APP store software.

APP installation via the Google Playstore

You can use the Google service "Google Play" of Google Asia Pacific Pte. Ltd. ("Google"), 8 Marina Boulevard #05-02 Marina Bay Financial Centre Singapore 018981, to install our APP.

As far as we are aware, Google collects and processes the following data;

·         License check,

·         network access,

·         network connection,

·         WLAN connections,

·         location information,

It cannot be ruled out that Google also transmits the information to a server in a third country. We cannot influence which personal data Google processes with your registration and the provision of downloads in the respective app store and app store software. The responsible party in this respect is solely Google as the operator of the Google Play Store. You can find more detailed information in Google's privacy policy, which you can access here: https://policies.google.com/privacy.

Contacting Us

If you contact us and send us general enquiries the contact details you provide, will be stored and used by us to fulfil the purpose associated with the transmission, e.g., to process your enquiry or in the event of follow-up questions.

The basis for this storage and use of your personal data is your consent which you give us by sending the contact form. Insofar as you provide us with your personal data for the purpose of responding to your questions, the entry of personal data is required as without this information, we cannot process your request.

You have the right to revoke your consent to the data processing described above at any time with effect for the future. In this case, we will no longer process your data. Your personal data will be deleted even without your revocation in any case if we have processed your request or if the storage is inadmissible for other legal reasons.

Creating an account and a profile

A user profile will be created for you based on the information you provide during the sign up. Your Email, Name, Profile Picture, Country. You have the option of adjusting, changing, or deleting the information in your profile to edit within the app or by contacting our team.

Facebook and Google Connect are offered as an option to register. When registering via Facebook, or Google you agree to Facebook or Google `s terms and conditions and also consent to certain data from your Facebook or Google profile being transferred to our database.

The data processing carried out in this context is necessary to provide our service on the basis of the requests made by you. The data processing is also based on a legitimate interest, as our interest in providing users with a platform for exchanging information with other users does not conflict with any overriding interest or right of yours. It should be noted that the majority of the data you provide is voluntary.

Profile

As a registered user, you have the opportunity to create a user profile with just a few clicks and details. If you make use of the option, the relevant profile data you provide will be transferred to your profile. Of course, you can change the information at any time via the settings in your profile. When creating a profile, you can submit personal data such as your profile picture, property information, photos and images etc. Content and data are publicly viewable. You have choices about the information on your profile. You don’t have to provide additional information on your profile; however, profile information helps you to get more from our Services. It’s your choice whether to include sensitive information on your profile and to make that sensitive information public. Please do not post or add personal data to your profile that you would not want to be available. The legal basis for the processing of your personal data is the establishment and implementation of the user contract for the use of the service. We store the data until you delete your user account. Insofar as legal retention periods are to be observed, storage also takes place beyond the time of deletion of a user account.

Push messages

When using the app, you will receive so-called push messages from us, even if you are not currently using the app. These are messages that we send you as part of the performance of the contract, but also promotional information. You can adjust or stop receiving push messages at any time via the device settings of your end device.

Device information

We collect information from and about the device(s) you use to access our APP, including hardware and software information such as IP address, device ID and type, device-specific and app settings and properties, APP crashes, advertising IDs (such as Google's AAID), information about your wireless and mobile network connection such as your service provider and signal strength; information about device sensors such as accelerometer, gyroscope, geo location and compass.

How we share information

Our goal is to help you connect with people through food. User information is, of course, mainly shared with other users. We also share some user information with service providers and partners who help us operate the Services, and in some cases with legal authorities.

With our service providers and partners

We use third parties to help us operate and improve our services. These third parties assist us with various tasks, including data hosting and maintenance, analytics, customer support, marketing and security measures.

We may also share information with partners who distribute our services and assist us with advertising. For example, we may share limited information about you in hashed, non-human readable form with advertising partners.

We follow a rigorous vetting process before engaging a service provider or working with a partner. All our service providers and partners should commit to strict confidentiality.

For corporate transactions

We may transfer your information if we are involved in whole or in part in a merger, sale, acquisition, divestiture, restructuring, reorganisation, dissolution, bankruptcy or other change of ownership or control.

When required by law

We may disclose your information if reasonably necessary: (i) to comply with a legal process, such as a court order, subpoena or search warrant, government/legal investigation, or other legal requirement; (ii) to assist in the prevention or detection of crime (in each case, subject to applicable law); or (iii) to protect the safety of any person.

To enforce legal rights

We may also disclose information: (i) if disclosure would reduce our liability in actual or threatened litigation; (ii) if necessary to protect our legal rights and the legal rights of our users, business partners or other interested parties; (iii) to enforce our agreements with you; and (iv) to investigate, prevent, or take other action regarding illegal activities, suspected fraud or other misconduct.

With your consent or at your request

We may ask for your consent to share your information with third parties. In any such case, we will make clear why we want to share the information.

We may use and share non-personal information such as device information, general demographic information, general behavioural information, geolocation in de-identified form, and personal information in hashed, non-human readable form in the above circumstances. We may also share this information with third parties (including, without limitation, advertisers) to develop and deliver targeted advertisements on our Services and on third party websites or applications and to analyse and report on the advertisements you see. We may combine this data with additional non-personal data or personal data in hashed, non-human readable form collected from other sources.

Firebase

The APP uses Firebase tool`s (Firebase Realtime Database for Chat, Firebase Cloud Firestore for Database, Firebase Storage for storing images and videos etc., Firebase Cloud Messaging for push notifications) which are part of the Firebase platform of Google Inc, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA, to obtain statistics on how the APP is used, in particular active user numbers, session length, stability rating and storage time. Answers logs the use of the APP, and we evaluate user behaviour and user activity in general, i.e., not on a personal basis.

For this purpose, the following data is transferred to the Analytics Engine: name and APPStore ID, build version, individual device installation key (e.g., Advertising ID, and Android ID), timestamp, device model, device name, device operating system name and version numbers, the language and country settings of the device, whether a device has the status "jailbreak" "root ", APP lifecycle events and APP activities.

The legal basis for this data processing is our legitimate interest. The data collected via Google will be deleted after 6 months at the latest.

Google Maps

In order to better display and geographically visualise your location and service area to the user, the APP uses Google Maps API. When using Google Maps, Google also collects, processes and uses data about the use of Maps functions by visiting these pages. The terms of use of Google Maps can be found here. Further information on data processing by Google is listed in Google's privacy policy.

Authorisations and Access

We may request access or permission to certain functions from your mobile device (Internet, vibration, storage, location, and Push notifications). The legal basis for data processing is our legitimate interest and the provision of contractual or pre-contractual measures. You can your permissions at any time via the Settings Menu.

Uninstall

You can stop the collection of information by the APP by uninstalling it using the standard uninstall procedure for your device. When you uninstall the APP from your mobile device, the unique identifier associated with your device will still be stored. If you reinstall the APP on the same mobile device, we may again associate that identifier with your previous transactions and activities.

Storage period

Unless a more specific retention period is stated within this privacy policy, we will retain your personal data until the purpose for processing it no longer applies. If you assert a legitimate request for deletion or revoke your consent to data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g., retention periods under tax or commercial law); in the latter case, the data will be deleted once these reasons no longer apply.

International transfers

Our main operations are based in Singapore and your personal information is generally processed, stored and used in global data centres of Google (Firebase). We take steps to ensure there is an appropriate level of security, so your personal information is protected in the same way as if it was being used within Singapore. Where we need to transfer your data outside Singapore, we will use approved standard contractual clauses in contracts for the transfer of personal data to third countries.

Note on data transfer to the USA

Among other things, tools from companies based in the USA are integrated in our APP. If these tools are active, your personal data may be transferred to the US servers of the respective companies. We would like to point out that the USA is not a safe third country in the sense of data protection law. US companies are obliged to hand over personal data to security authorities without you as a data subject being able to take legal action against this. It can therefore not be ruled out that US authorities (e.g., intelligence services) process, evaluate and permanently store your data located on US servers for monitoring purposes. We have no influence on these processing activities.

Data Breaches/Notification

Databases or data sets that include Personal Data may be breached inadvertently or through wrongful intrusion. Upon becoming aware of a data breach, we will notify all affected individuals whose Personal Data may have been compromised, and the notice will be accompanied by a description of action being taken to reconcile any damage as a result of the data breach. Notices will be provided as expeditiously as possible after which the breach was discovered.

Updating your information

If you believe that the information, we hold about you is inaccurate or that we are no longer entitled to use it and want to request its rectification, deletion, or object to its processing, please contact us. For your protection and the protection of all of our users, we may ask you to provide proof of identity before we can answer the above requests.

Keep in mind, we may reject requests for certain reasons, including if the request is unlawful or if it may infringe on trade secrets or intellectual property or the privacy of another user. Also, we may not be able to accommodate certain requests to object to the processing of personal information, notably where such requests would not allow us to provide our service to you anymore.

Obligation to provide personal data

You are not obliged to provide us with personal data, and you may use the app without creating an account. However, depending on the individual case, the provision of certain personal data may be necessary for the full provision of the above services. If you do not provide us with this personal data, we not be able to provide the services in full.

Changes

This policy and our commitment to protecting the privacy of your personal data can result in changes to this policy. Please regularly review this policy to keep up to date with any changes.

Queries and Complaints

Any comments or queries on this policy should be directed to us. If you believe that we have not complied with this policy or acted otherwise than in accordance with data protection law, then you should notify us.