Privacy Policy for App and Interactive Map

RADIACODE LTD (“we”, “us”, “our”) value your privacy and are committed to transparency in how we handle your personal data. This Privacy Policy lets you know how and for what purposes we are processing your information. We pledge that we will take reasonable steps to ensure that your personal data will only be used in ways that comply with this Privacy Policy and applicable regulations.

This Privacy Policy governs the processing of personal data in your interactions with us, including when you: (1) use our Radiacode App (the “App”), (2) use RadiaVerse interactive radiation portal including the Interactive map (the “RadiaVerse”) (collectively the “Product(s)”), (3) communicate with us and as otherwise described in this Privacy Policy.

Before you share any personal data with us, please review this Privacy Policy and our End User License Agreement (the “EULA”) and Terms and Conditions (the “Terms”).

When you choose to use our website, please understand that this Privacy Policy describes how your personal information is collected and used.

1. Who we are?

RADIACODE LTD is duly incorporated in and registered under the laws of the Republic of Cyprus, with a registered office at 10 Spyrou Kyprianou, 4040 Limassol, Cyprus. We act as a “data controller”. It means we determine the purposes and means of the processing of personal data.

Since we are registered under the law of the Republic of Cyprus, the personal data authority overseeing us regarding the personal data processing is Commissioner for Personal Data Protection. You always have the right to make a data protection related complaint at any time to a supervisory authority. You may also contact your local data protection authority. A list of local data protection authorities is available here.

If you would like to exercise your data protection related rights you can submit your request to us via e-mail: security@radiacode.com.

2. How do we process personal data?

We process your personal data only when it is necessary to achieve the purpose of the personal data processing and only to the extent necessary to achieve the purpose of the processing. Furthermore, we keep your personal data for a limited period of time and once the processing period has expired, we delete all existing copies of your personal data.

We apply technical and organisational measures and safeguards to protect your data from accidental or unlawful destruction, loss, alteration, disclosure, or access. These safeguards include:

• performing regular vulnerability assessments and security scans;

• applying organisational and legal measures, such as restricting employee access to personal data, conducting annual awareness trainings, and ensuring accountability for any unauthorised disclosure or misuse;

• designing and maintaining privacy-focused user journeys;

• carrying out data protection impact assessments to ensure ongoing compliance with privacy principles and legal requirements.

We also ask you to take care of your data security – log out after using shared or public computers.

Below we have provided you with a full description of the data processing purposes, what personal data we process, legal basis of data processing and information about the retention period.

For users of the Interactive Map (RadiaVerse Website)
Sign in via Google
Processed personal data
  • Email
  • Name
  • Profile image/photo
Legal basis for the processing

Art. 6(1)(b) GDPR – Contract (EULA)

Data source

Received via Google authentication API

Storage period

Until the user deletes the account and up to 6 years thereafter to protect the organization’s legitimate interests within applicable Cypriot limitation periods.

Sign in via Apple ID
Processed personal data
  • Email
  • Name
  • Profile image/photo
Legal basis for the processing

Art. 6(1)(b) GDPR – Contract (EULA)

Data source

Received via Apple authentication API

Storage period

Until the user deletes the account and up to 6 years thereafter to protect the organization’s legitimate interests within applicable Cypriot limitation periods.

Sign in via Email
Processed personal data
  • Email
Legal basis for the processing

Art. 6(1)(b) GDPR – Contract (EULA)

Data source

Collected directly from the data subject

Storage period

Until the user deletes the account and up to 6 years thereafter to protect the organization’s legitimate interests within applicable Cypriot limitation periods.

Account management
Processed personal data
  • Email
  • Name
  • Profile image/photo
  • Tracks
  • Points
  • Last upload
  • Total distance
  • Max dose rate
  • Device model
  • Device serial number. When you upload a track, the device’s serial number is transmitted together with the track data. This serial number is used solely by the company for purposes such as diagnostics, and customer support. Uploaded serial number is only accessible to the company.
Legal basis for the processing

Art. 6(1)(b) GDPR – Contract (EULA)

Data source

Collected directly from the data subject

Storage period

Until the user deletes the account and up to 6 years thereafter to protect the organization’s legitimate interests within applicable Cypriot limitation periods.

Filling the interactive map and publishing radiation level data
Processed personal data
  • Username
  • Date of sending radiation level data
Legal basis for the processing

Art. 6(1)(b) GDPR – Contract (EULA)

Data source

Collected directly from the data subject

Storage period

Until the user deletes the account and up to 6 years thereafter to protect the organization’s legitimate interests within applicable Cypriot limitation periods.

Maintaining the correct operation, tracking problems
Processed personal data
  • Device information (device type, features used, access times, IP)
  • Usage information (manufacturer, model, OS, timezone, language, region)
Legal basis for the processing

Art. 6(1)(b) GDPR – Contract (EULA)

Data source

Collected directly from the data subject’s device

Storage period

Within approximately 30 days, and no later than 90 days from the date on which the technical event or log was generated.

Processing of customer support inquiries for analysis, issue resolution, and routing to relevant internal departments to ensure high-quality service
Processed personal data
  • Email address, category of the issue, other data provided in issue and correspondence
Legal basis for the processing

Contract (GDPR Art. 6(1)(b))

Data source

Collected directly from the data subject

Storage period

Retained for the duration of the inquiry and up to 6 years thereafter to establish or defend potential legal claims within applicable Cypriot limitation periods.

Cookies

The RadiaVerse Website uses cookies to ensure the proper operation of the site and to provide a convenient and secure user experience. A cookie is a piece of data that can be stored on the browser of your computer or mobile device you use to access the Website. It enables the Website to “remember” your activity or preferences for a certain period of time or during a specific session. The information does not always identify you, but it can give you a more personalized web experience.

For information about the specific cookies and tracking technologies we use, their providers, retention periods, and how you can manage your preferences, see our Cookie Notice.

For users of the RadiaCode App
Maintaining the correct operation, tracking problems
Processed personal data
  • Device information (device type, features used, access times, IP)
  • Usage information (manufacturer, model, OS, timezone, language, region)
Legal basis for the processing

Art. 6(1)(b) GDPR – Contract (EULA)

Data source

Collected directly from the data subject's device

Storage period

Within approximately 30 days, and no later than 90 days from the date on which the technical event or log was generated.

Processing of customer support inquiries for analysis, issue resolution, and routing to relevant internal departments to ensure high-quality service
Processed personal data
  • Email address
  • category of the issue
  • other data provided in issue and correspondence
Legal basis for the processing

Art. 6(1)(b) GDPR – Contract (EULA)

Data source

Collected directly from the data subject

Storage period

Retained for the duration of the inquiry and up to 6 years thereafter to establish or defend potential legal claims within applicable Cypriot limitation periods.

Use of the App, its functionality (sending information about radiation level in the area)
Processed personal data
  • Location data (including real-time geographic location of your computer or device)
Legal basis for the processing

Art. 6(1)(a) GDPR — Consent

Data source

Collected directly from the data subject's device

Storage period

Until consent is withdrawn or no longer necessary for the purpose.

Registration of an account for using our App and Interactive map
Processed personal data
  • Google ID, email address of the integrated Google account, or Apple ID, email address of the integrated Apple account
  • username
  • image / photo
Legal basis for the processing

Art. 6(1)(b) GDPR – Contract (EULA)

Data source

Collected directly from the data subject

Storage period

Until the user deletes the account and up to 6 years thereafter to protect the organization's legitimate interests within applicable Cypriot limitation periods.

Tracking and analyzing trends, usage, and actions related to the App in order to better understand the using of the App and improve it
Processed personal data
  • Device Information
  • Usage Information
Legal basis for the processing

Art. 6(1)(a) GDPR — Consent

Data source

Collected directly from the data subject's device

Storage period

Until consent is withdrawn or no longer necessary for the purpose.

3. Sharing your data with third parties

Your privacy is of utmost importance to us, and we handle your personal data with the highest level of care and responsibility. While we endeavor to minimize the sharing of your personal data, there are certain circumstances where it becomes necessary to disclose it to third parties.

We share your personal data in such cases:

a. to comply with applicable law.

We are committed to complying with all applicable laws, regulations, and legal obligations. In certain situations, we may be required to disclose your personal data to comply with legal requirements, such as to respond to subpoenas, court orders, or other lawful government requests. We may also share your personal data if we believe in good faith that such disclosure is necessary to protect our rights, enforce our EULA, Terms, investigate fraud, or protect your safety.

b. to accomplish the purposes set forth above.

In an effort to provide an exceptional experience, we work closely with a select group of trusted partners and service providers. These partners play an important role in supporting various aspects of our business, thereby enhancing the quality of the Products. When selecting the partners with whom we share your personal data, we take a cautious approach, ensuring that we only work with companies that take strict measures to protect personal data from unauthorized access, disclosure, or misuse. For that we may use the following categories of providers:

a. Hosting providers

We take responsibility for the storage of your personal data and store it only with trusted hosting providers.

b. Third parties that provide support services for us to communicate with you

We may share and disclose your personal data to the following categories of data processors:

  • Customer support platform providers
  • Communication and email service providers
  • Internal communication and collaboration tools

c. Authentication providers

To ensure secure access to your account, we use trusted authentication services. These providers allow you to log in without creating a separate password and help us protect your account against unauthorized access.

International transfers

If we transfer your personal data outside the EEA, we ensure appropriate safeguards in accordance with Chapter V GDPR, such as:

  • Adequacy decision (e.g. EU–US Data Privacy Framework)
  • Standard Contractual Clauses approved by the European Commission
  • Additional technical & organizational measures

4. Rights under GDPR

As a data subject, you have certain rights regarding your personal information. We are committed to upholding these rights and ensuring that you can exercise them effectively.

Below, you can find the information regarding your rights as a data subject under EU legislation:

Right of access

This right allows you to request access to the personal data we hold about you.

To exercise this right, please contact us at the following e-mail address: security@radiacode.com. Upon receiving your request, we will provide you with a copy of the personal data we process in the form in which you have requested the provision of this information. Please note that in some cases we may charge you a reasonable fee for providing this information. If we are unable to fulfill your request for any reason, we will provide you with an explanation and inform you of your rights to appeal the decision.

Right to rectification

This right enables you to request the correction or updating of any inaccurate or incomplete personal data we hold about you.

You can exercise this right by contacting us by e-mail at security@radiacode.com.

Upon receiving your request for rectification, we will review the accuracy and completeness of your personal data and make any necessary corrections or updates.

Right to erasure

This right allows you to request the deletion or destruction of your personal data in certain circumstances, such as when the data is no longer necessary for the purposes for which it was collected or processed (or, as we all know, the “right to be forgotten”).

You can exercise this right by contacting us at security@radiacode.com.

Upon receiving your request for erasure, we will assess whether the conditions for erasure are met and, if so, promptly delete or anonymize your personal data from our systems and notify any third parties to whom the data have been disclosed.

Also, we may delete, block or anonymize the personal data that is linked to your account in the Products in accordance with section 11 of the Terms and Conditions and 3.7 of the End User License Agreement.

Right to restrict processing

This right allows you to request the restriction of processing of your personal data in certain circumstances, such as when the processing is unlawful, when we no longer need the personal data, or when you have objected to the processing.

To exercise this right, please contact us at security@radiacode.com. Upon receiving your request to restrict processing, will not process your personal data (except for storage) unless it is based on consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest.

Right to data portability

This right allows you to receive a copy of your personal data in a structured, commonly used, and machine-readable format if it is technically possible to do so and to transmit those data to another controller.

To exercise this right, please contact us at security@radiacode.com. Upon receiving your request for data portability, we will provide you with a copy of your personal data in the requested format, where technically feasible.

Right to object

This right enables you to object to the processing of your personal data in certain circumstances, such as where the processing is based on legitimate interests or for direct marketing purposes.

To exercise this right, please contact us at security@radiacode.com. Upon receiving your objection to processing, we will assess the validity of your objection and, if valid, cease processing your personal data for the purposes to which you have objected.

Right to withdraw consent

You have the right to withdraw your consent to the processing of your personal data at any time. This means that if we are processing your personal data based on your consent, you have the right to revoke that consent.

To exercise this right, please contact us at security@radiacode.com. Upon receiving your request to withdraw consent if we do not have any other legal basis for processing your personal data, we will stop processing it.

Right to lodge a complaint

If you believe that our processing of your personal data violates applicable legislation, you have the right to lodge a complaint with a supervisory authority.

Please note that these rights are subject to certain limitations and exceptions as provided by law. To exercise any of these rights or for further inquiries, please contact us at at security@radiacode.com.

We will review your request as soon as possible, but not longer than one (1) month following your request. Please keep in mind that this period may be extended for an additional two (2) months, if necessary, based on the complexity and number of requests we have received. If we need to extend the response timeframe, we will tell you about the response extension within one (1) month of receipt of your request and explain the reasons for the delay.

5. Children’s privacy

We do not knowingly collect or solicit your personal data to anyone under the age of 13 (in USA) or 16 (in European Economic Area) or knowingly allow such persons to use our Products. If you are under the age of 13 (or 16, where applicable), please do not provide any personal data to us. If we learn that we have collected personal data about a child under the age of 13 (or 16, where applicable), we will delete that personal data as soon as possible. If you believe that we might have any personal data from or about a child under the age of 13 (or 16, where applicable), please contact us at security@radiacode.com.

6. Changes to the privacy policy

This Privacy Policy may be changed from time to time due to the implementation of new technologies, changes in applicable laws or for other purposes.

When we make changes, we will update the date at the top of this Privacy Policy. Use the date below the title to view earlier versions of this Policy. For material changes that significantly affect your rights or the way we process your personal data, we will take additional steps to inform you, such as:

  • displaying a prominent notice on the Website; and/or
  • sending you an email notification if we have your email address and the changes are relevant to your relationship with us.

By continuing to use the Website, you acknowledge that you have been notified of the changes to this Privacy Policy. If we make any changes that require your explicit consent for further processing of your personal data, we will request your consent or renewed consent (in case it was obtained previously) for such processing before it will begin.