In this article, Shreetama Ghosh, pursuing LawSikho Diploma in Cyber Law, Fintech and Technology Contracts discusses and reviewed data use policies of 5 daily used apps
What is a data use policy?
Data use policy is a compulsory legal announcement about how a website operator retains, collects and shares information identifiable. There are legitimate reasons why the website organisation needs to keep data. The websites limit the collection of data by only asking for certain information which is needed to for maintaining the site and satisfying legal requirement.
Example applications reviewed
- Meru Cabs (https://www.meru.in/mobileappprivacypolicy.php)
- Foodpanda (https://www.Foodpanda.in/contents/privacy.htm)
- Gaana.com (https://gaana.com/privacy_policy.html)
- Opera (https://www.opera.com/privacy)
- Goodreads (https://www.goodreads.com/about/privacy)
The data that can be accessed by an app with the user’s consent is known as platform permissions. The consent may be obtained by Meru Cabs by alerting or notifying the user, either before using the app or at its first usage. The permission seeking procedure varies according to the Operation Systems of the device on which the app is being used. The permissions requested by Meru Cabs may change over time and the same will thereafter be communicated to the user.
By using the app, the user agrees that Meru can collect any personal information necessary to provide the requested services and that such information may be disclosed to the service partners for those purposes. They do not sell or rent any such information to any third parties unless they have the user’s permission or are required to do so by law. Meru may also use personal information to send the user promotional information about third parties which he/she may find interesting if the user gives permission.
By visiting and/or ordering services on Foodpanda, the user consents to the collection, use and transfer of his/her information. He/she consents to Foodpanda collecting and using his/her personal information for processing and delivering orders placed and any other service provided. He/she expressly consents to the disclosure of his/her personal information to riders delivering his/her order. He/she also consents to the use of his/her information for advertising and marketing purposes in order to keep him/her informed. The user consents to the disclosure of his/her personal information, to:
- other entities within the Foodpanda group of companies; and
- third parties engaged by Foodpanda to perform functions or provide products and services on their behalf.
By accessing the website or otherwise using the Gaana services, the user consents to the collection, storage, and use of the personal information which he/she provides for any of the services that they offer.
Some Opera products may require the user’s personal data to function properly. Wherever technically possible, they will ask for consent to collect the user’s personal data. A complete list of the data collected and the purpose of collection may vary between their products and services.
- By providing Goodreads with his/her email address, the user consents to their using the email address to send him/her service-related notices. They may also use the email address to send him/her other messages.
- Goodreads does not provide any personally identifiable information to third-party ad servers without the user’s consent.
- Goodreads does not knowingly collect or solicit personal information from anyone under the age of 13 or knowingly allow such persons to register. No one under age 13 is allowed to provide any personal information to or on Goodreads. If they learn that they have collected personal information from a child under age 13 without verification of parental consent, they will delete that information as quickly as possible.
Opt-in/Opt-out used to Collect Data
- The Meru Cabs app collects location details depending on the granted permissions. Even if this permission is disabled, Meru will be able to read trip locations and the approximate location of the user’s device, based on its IP address.
- Account information may be changed by logging into their app. The user can also request for deletion for his/her account by contacting Meru Cabs customer care. The user’s account information will be deleted only after resolving all the issues related to his/her account.
- Opt-out options are available in the messages sent to the user. Meru will, however, be able to send messages regarding the services used by the user, and about his/her account, even after opting out of this service.
If the user would like to unsubscribe from receiving marketing communications from Foodpanda or does not want them to share his/her personal information with other parties, he has to unsubscribe from the same, requesting his/her personal information to be removed from their mailing list.
Gaana may use its users’ email address or other personally identifiable information to send commercial or marketing messages without his/her consent (with an option to opt-out/unsubscribe).
Some Opera products may require the user’s personal data to function properly. Wherever technically possible, they will ask for consent to collect the user’s personal data and offer him/her the choice to opt-out. The exact set of the data collected, its purpose and opt-out choices depend on the product or service being used.
- If a user provides Goodreads with his/her email id, Goodreads may send him/her service-related notices on the same. They may also use the email address to send him/her other messages. If the user does not want to receive such email messages, he/she may opt out by changing his/her settings. However, he/she cannot opt out of service-related emails.
- It is Goodreads’ policy to provide notifications to their users via email notice, written or hard copy notice, or through conspicuous posting of such notice on their website, provided that the users may opt out of certain means of notification.
Purposes for use of Data and limits thereto
- Meru Cabs requires information to:
- identify a person as a user,
- use in data analytics,
- improve their Services, and
- provide new Services to their users.
- Further, they use a user’s contact details to send trip-related information to him/her as well as their service partners.
- The information is stored for internal record-keeping purposes only. Sometimes, Meru sends information about their new services, special offers and/or other information which the user might find interesting, to his/her email id or mobile number, and they may also contact the user for feedback or market research purposes via the same modes.
- Meru ensures that every user’s information is secure with them and takes appropriate steps to protect such information. To that end, they have implemented security features and strict guidelines to safeguard the privacy of personally identifiable information from unauthorized access and improper use or disclosure, but they cannot guarantee its absolute security. The user is responsible for maintaining the secrecy of his/her unique password and account information, and for controlling access to his/her account, and his/her privacy settings may also be affected by changes to the functionality of his/her device or network.
- By using the app, the user agrees that Meru can collect any personal information necessary to provide the requested services and that such personal information may be disclosed to the service partners for those purposes. Meru does not sell or rent any personal information to third parties unless they have the user’s permission or are required to do so by law. Meru may also use such personal information to send the user promotional information about third parties which he/she might find interesting if the user gives permission to this effect.
- Foodpanda can collect and use the user’s personal information for processing and deliver the order/s placed and any other service provided.
- Foodpanda may disclose the user’s personal information to riders delivering his/her order.
- Foodpanda can use the user’s personal information for advertising and direct marketing purposes in order to keep him/her informed.
- Foodpanda may disclose the user’s personal information to:
- other entities within the Foodpanda group of companies; and
- third parties engaged by Foodpanda to perform functions or provide products and services on their behalf.
- Foodpanda will use all reasonable efforts to maintain the security of personal information and to protect such personal information from misuse and loss and against unauthorised access. However, it does not provide any guarantee regarding the security of personal information. Foodpanda will also destroy any personal information it holds about the user which it no longer requires. The user is responsible for keeping his/her password confidential.
- Gaana may use the user information to maintain, protect, and improve its services and for developing new services. They may also use the user’s email id or other personally identifiable information to send commercial or marketing messages without his/her consent (with an option to opt-out). They may, however, use his/her email address without further consent for non-marketing or administrative purposes.
- Gaana may use “clear GIFs” to track online usage patterns of their users in an anonymous manner, without personally identifying the user. They use this information to deliver web pages upon request, to tailor their Site to the interests of the user, to measure traffic within the Site, to improve the Site quality, functionality and interactivity and to let advertisers know the geographic locations of our visitors.
- Gaana takes appropriate security measures to protect data against unauthorized access or unauthorized alteration, disclosure or destruction. All information collected is securely stored within their controlled and secure database. However, they cannot guarantee the security of their database, nor can they guarantee that information supplied will not be intercepted while transmission. Moreover, any information the user includes in a post is available to anyone with Internet access.
- Opera only processes the user’s data for purposes that are objectively justified by their products and services. They collect data to:
- Improve, debug, and maintain Opera products and services
- Study and personalize user experiences
- Fulfil legal requirements
- Conduct business analysis and research, and marketing campaigns
- Ensure better security and fraud protection
- Send personalized information regarding updates, upgrades, enhancements, surveys, recommendations and/or ads, if they believe them to be relevant for the user.
- Opera treats the user’s personal data as required by the Norwegian data-security laws as well as other national legislations. They require their suppliers to successfully pass security assessments and prove compliance with applicable laws and industry standards. Only a limited number of Opera employees have access to the data collected. They ensure that their internal policies are followed, and immediately correct any non-conformance.
- Goodreads uses the personal information users submit to operate, maintain, and provide to them with the features and functionality of the service. Goodreads never discloses such personal information to any third party unless the user has instructed them to do so.
- Any personal information or content that the user voluntarily discloses for posting becomes available to the public and our business partners. If such user content is removed, copies may be viewable in cached and archived pages or if other users have copied or stored such content.
- Goodreads takes reasonable measures to keep messages that the user sends to other members through the service private. However, even if the user has deleted the message from his/her Goodreads inbox/outbox, copies of the same may be viewable in cached and archived pages or if other users have copied or stored the message.
- The user’s name and, depending on his/her privacy settings, email address, are used when he/she invites another person to join Goodreads, or when he/she requests to add another member to his/her friends’ list.
- Goodreads may use certain information about the user and/or his/her content without identifying him/her as an individual to third parties, for purposes such as analysing the use of the service, diagnosing issues, maintaining security, and personalizing ads and promotions.
- If Goodreads develops special sites in cooperation with other companies, and a user registers there, they may share the user’s registration information with that company.
- Goodreads may monitor user content posted on the site and has the right to remove any such information or material, on or without the request of any third party.
- remember information;
- provide custom, personalized content and information;
- monitor the effectiveness of their service;
- monitor aggregate metrics such as total number of visitors and traffic;
- diagnose or fix reported technology problems; and
- help the users efficiently access their information after they sign in.
- Goodreads uses commercially reasonable safeguards to preserve the integrity and security of the user’s personal information, once they receive the user’s information. They cannot, however, warrant the security of any information transmitted to Goodreads. However, there is no guarantee that such information may not be accessed, disclosed, altered, or destroyed by breach of any of their physical, technical, or managerial safeguards.
- To protect the privacy and security of the user, Goodreads takes reasonable steps to verify his/her identity before granting him/her access to his/her account. The user is responsible for maintaining the secrecy of his/her unique password and account information, and for controlling access to his/her email communications from Goodreads.
Following the deletion of the user account, Meru may retain the private profile information for a commercially reasonable time for backup, archival, or audit purposes, and any information that the user chose to make public on the app may not be removable.
- Foodpanda reserves the right to disclose the user’s personal information if required by law, or, if it is reasonably necessary, in its opinion, to protect the rights or property of Foodpanda or any third party, or to avoid injury to any person.
- If the Foodpanda business is sold or merged with another entity, the user’s personal information may be passed to a third party.
- Gaana uses third-party advertising companies to serve ads. These companies may use information about the user’s visits to or use of a website, mobile app or services, in order to provide ads of interest to him/her.
- Any personally identifiable information provided will not be considered as sensitive if it is freely available or accessible in the public domain. Moreover, any comments, messages, blogs, scribbles, etc. posted/uploaded/conveyed/communicated to the public sections becomes published content and is not considered personally identifiable information.
- Gaana’s web servers automatically collect limited information about the user’s computer’s connection to the Internet when he/she visits their site. They may also collect log information from his/her device.
- Gaana may use “clear GIFs” to track online usage patterns of their users in an anonymous manner, without personally identifying the user. They may also use clear GIFs to track which emails are opened by recipients.
- When they present information to our advertisers, it is usually in the form of aggregated statistics on traffic to various pages/content within our site.
- They use third-party advertising companies to serve ads on our website. These companies may use information about the user’s visits to this and other websites in order to provide ads of interest to the user.
- Opera’s commitment to protecting the user’s privacy does not extend to third-party products and services.
- Some third-party sites may monitor data traffic from our products and services, such as numbers of hits and the search terms used. They do not make available any personally identifiable information to these services.
- They retain personal data only as long as necessary for processing it in accordance with the purposes described in this statement, or as otherwise necessary to comply with applicable laws. When the user’s data is no longer necessary or relevant for our purposes or required by applicable laws, they take steps to have it deleted, aggregated or made anonymous.
- Because Opera is an international company with data-centres around the world, the user’s data may be transferred to countries which do not have the same level of data protection laws as those in the country where he/she are located. Opera will ensure that his/her data is protected to a strict standard.
- Goodreads may store personal information in locations outside the direct control of Goodreads.
- Goodreads may buy or sell assets or business offerings, of which customer, email, and visitor information is generally a part. They may also transfer such information in the course of corporate divestitures, mergers, or dissolution.
- Goodreads can disclose personal information to any third party if it necessary to exercise or protect the rights, property, or personal safety of Goodreads, our users or others.
- Goodreads allows other companies, called third-party ad servers, to serve ads on their site. These third-party ad servers use technology to send the ads and links that appear on Goodreads. They automatically receive the user’s IP address when this happens. They may also use other technologies to measure the effectiveness of their ads and to personalize the advertising content.
- Goodreads is not responsible for the practices employed by websites linked to or from their website nor the information or content contained therein.
- Goodreads uses both session cookies and persistent cookies, log file information and clear GIFs.