BioYa Privacy Policy
Last Revision Date: March 23, 2025
I. Introduction
At BioYa, safeguarding your privacy is our top priority. We have implemented a robust and trustworthy system to protect your personal information, ensuring you can confidently enjoy our secure and reliable services.
II. Protection of Minors' Personal Information
(A) Principles of Minors' Protection
Our services are designed exclusively for individuals aged 18 and above. We do not intentionally collect personal information from minors. To uphold this policy and maintain platform security, we verify user age to restrict access by underage individuals. Should we unintentionally collect data from users under 18, we will promptly delete such information.
(B) Restrictions on Minors' Use
If you are under 18, please do not use our services. We strongly advise minors to access the internet under the supervision of a parent or guardian.
(C) Responsibilities of Guardians
If you are a parent or guardian and discover that a minor has provided us with personal information without your consent, please notify us immediately. We will take swift action to delete the relevant data and ensure the minor no longer uses our services.
(D) Data Deletion Requests
If you become aware that a minor’s data has been collected, please contact us without delay using the following method:
Email: alphacueanimalcare@gmail.com
We will process and delete the relevant data within 15 business days of receiving your request.
III. Collection and Use of Personal Information
(A) Account Registration
Access to BioYa’s services necessitates the creation of a user account. Users are solely responsible for maintaining the confidentiality of their login credentials, and sharing such information with third parties is expressly prohibited.
(B) Device Information
1. Device Id: To ensure the efficient and secure functioning of our software and services, we collect unique identifiers associated with your device.
2. Device-Specific Details: We automatically gather comprehensive data about your device, including its ID, brand, model, operating system and version, current status, hardware specifications, and details from your internet service provider or mobile carrier (e.g., IP address). Additionally, when using our application, we log network type, platform, and user interactions with its features.
(C) Data Collection for Analytical Purposes
To enhance user experience and improve service quality, we collect detailed logs and usage data. Each interaction with our services is recorded, capturing information such as device configuration, IP address, access times, pages and files viewed, and features utilized. Diagnostic data, including crash reports, hardware settings, and error logs, may also be collected. In specific scenarios, we may use the device ID and advertising ID for analytical purposes to evaluate marketing strategies, optimize service performance, and deliver personalized services and promotions. Such usage, however, will only occur with the user’s explicit consent.
(D) Permissions
To ensure a comprehensive user experience and the proper functioning of all service features, BioYa may request the following permissions:
1. Photo Library Access: When uploading photos from the device’s photo library, access is requested to enable photo sharing in chats or updating profile pictures.
2. Camera Access: Permission to use the camera is required when initiating photo capture or video calls to support photo sharing and live video communication.
3. Audio and Video Access: Access to audio and video features is necessary for seamless communication during video calls or audio recordings.
4. Bluetooth Access: To enhance the audio experience when connecting to external devices, Bluetooth access may be requested for seamless pairing.
5. External Storage Access:
○ Read Permission: Access to external storage is required to retrieve files, such as when uploading photos or videos.
○ Write Permission: Access is necessary to save or download content, such as images or videos, to the device.
6. Advertising ID: To optimize marketing efforts, the device’s advertising ID may be collected to analyze advertising effectiveness and refine promotional campaigns.
Users are reminded that these permissions are only activated with their explicit consent and can be managed or modified at any time through device settings. BioYa is committed to protecting user privacy, and personal information will never be used for unauthorized purposes.
IV. Sharing, Transfer, and Disclosure of Personal Information
(A) Information Sharing
1. With Explicit Consent: Personal information will only be shared with third parties upon obtaining the user’s explicit consent.
2. To Fulfill Legal Obligations: In compliance with laws, regulations, or government requests, we may disclose the minimum necessary information required to meet legal obligations.
3. With Authorized Partners: We collaborate with partners to deliver specific services or complete designated tasks. Only the data essential for their functions is shared, and partners are contractually prohibited from using the information for other purposes.
(B) Collaboration with Third Parties
We engage third-party suppliers, service providers, and partners to support our operations, including technical infrastructure, service performance analysis, customer service, payment processing, research, and advertising effectiveness evaluation. For instance, data related to app usage, user behavior, and marketing performance may be shared with partners such as Appsflyer for marketing analysis and attribution. Platforms like Facebook may also be utilized for statistical tracking to understand user behavior and process payment information. All third parties are bound by strict data protection agreements, ensuring they handle personal information in accordance with our instructions, privacy policy, and applicable confidentiality and security standards.
V. Protection of Personal Information
BioYa employs a comprehensive approach to safeguard personal information, adhering to industry best practices and regulatory requirements. Measures include anonymizing data where feasible, implementing robust security systems to defend against malicious attacks, and establishing a stringent access control mechanism based on the principle of least privilege. Only authorized personnel are granted access to sensitive data, and staff undergo regular training to enhance their understanding of personal information security and best practices.
VI. Management of Personal Information
(A) Accessing Your Data
In line with legal standards, you are entitled to review and manage your personal information. The following options are available to you:
1. Account Details: Access your account and go to the [My - Settings] section to view or modify your profile details.
2. Support Assistance: If you face issues accessing your data through the settings, contact our support team. We will respond to your request within 15 business days.
3. Additional Data: For other personal information generated while using our services, access will be granted based on applicable agreements and procedures.
4. Data Copies: If you need a copy of your personal information, reach out to our support team for assistance.
(B) Removing Personal Information
You can delete specific personal data using the same methods described above. Additionally, you may request deletion under the following conditions:
1. If our collection or use of your data breaches legal or regulatory requirements.
2. If we process your information without your explicit permission.
3. If our handling of your data violates our agreement with you.
4. If you decide to stop using our services and want your account removed.
5. If we permanently discontinue providing services to you.
VII. Data Retention Practices
We prioritize the privacy and security of user data and strictly follow applicable privacy laws. Below is our detailed data retention framework, designed to ensure clarity and compliance in data handling:
1. Retention Duration
We keep personal data only for the period necessary to achieve the purposes for which it was collected. The retention timeframe depends on the type of data, its intended use, and legal obligations. For example:
○ Account Information: Retained while your account is active and deleted or anonymized within 30 days of account closure.
○ Transaction Records: Stored for up to 7 years to meet tax and audit requirements.
○ Support Records: Kept for up to 2 years to address user inquiries or disputes.
○ Marketing Data: Removed within 6 months after you withdraw consent for marketing communications.
○ System Logs: Retained for up to 90 days to maintain system security and improve service performance.
2. Data Removal and Anonymization
When data is no longer needed for its original purpose, it is promptly deleted or anonymized in line with our internal policies. Anonymized data is no longer considered personal and may be used for analytical or other legitimate purposes.
3. Legal and Regulatory Compliance
In certain cases, we may retain data to meet legal, regulatory, or contractual obligations, such as:
○ Satisfying tax, audit, or financial reporting requirements.
○ Resolving legal disputes or assisting with law enforcement investigations.
○ Adhering to specific industry or regional regulations.
4. User Rights and Requests
Under privacy laws, you have the right to access, correct, or delete your personal data. We will handle such requests in accordance with your preferences and legal standards. To exercise these rights, contact us at alphacueanimalcare@gmail.com, and we will respond within 30 days.
5. Transparency in Retention Practices
We are committed to clearly explaining how long we retain data and the reasons behind it. Our privacy policy is regularly updated to reflect changes in laws and operational practices. For any questions about our data retention practices, email us at alphacueanimalcare@gmail.com.
6. Data Security Measures
We employ advanced technical and administrative safeguards to protect data during retention, including:
○ Encrypting data during transmission and storage.
○ Periodically reviewing our retention policies to ensure compliance with legal standards.
○ Training employees on privacy and data protection to ensure adherence to established protocols.
VIII. Legal Framework and Your Rights Regarding Data Processing
At BioYa, we process your personal data in strict adherence to applicable privacy laws, ensuring transparency and accountability. The legal basis for processing your information includes:
• Consent: In specific scenarios, we seek your explicit permission before collecting and using your data.
• Contractual Necessity: When processing is essential to fulfill our agreement with you, we rely on this legal foundation.
• Legitimate Interests: We may process your data to pursue our legitimate business goals, such as enhancing app security, maintaining functionality, and improving user experience.
• Legal Compliance: In certain cases, we handle your data to meet legal or regulatory obligations.
• Public Interest: When processing is required for tasks performed in the public interest, we act accordingly.
As a user, you are granted specific rights under data protection laws to ensure control over your personal information. These rights include:
1. Access: You can request access to the personal data we hold about you at any time.
2. Correction: If your data is inaccurate or incomplete, you may ask us to update or correct it.
3. Erasure: Under certain conditions, you have the right to request the deletion of your personal data.
4. Restriction: In specific situations, you may ask us to limit the processing of your information.
5. Portability: You can request that we provide your data in a structured, transferable format for your use or to share with another controller.
6. Objection: When processing is based on legitimate interests, you may object to such processing.
7. Withdrawal of Consent: If we process your data based on your consent, you may withdraw it at any time, without affecting the lawfulness of prior processing.
8. Complaint: If you believe we have violated privacy laws, you have the right to lodge a complaint with your local data protection authority.
We are committed to upholding your rights and ensuring your data is handled responsibly. For any inquiries or to exercise your rights, please contact us at [insert contact details]. Your trust is our priority, and we strive to maintain the highest standards of data protection.
X. Privacy Rights Under Applicable Laws
BioYa is committed to upholding your privacy rights in compliance with various data protection laws, including the California Consumer Privacy Act (CCPA), the Brazilian General Data Protection Law (LGPD), the Virginia Consumer Data Protection Act (VCDPA), and the General Data Protection Regulation (GDPR). Below, we outline your rights under these frameworks and how you can exercise them.
(A) California Consumer Privacy Act (CCPA)
If you are a California resident, you are entitled to the following rights:
1. Right to Know:
○ You have the right to request detailed information about the personal data we have collected, used, shared, or sold in the past 12 months. This includes:
▪ The categories of personal data we have collected (e.g., name, email, device information).
▪ The specific pieces of personal data we hold about you.
▪ The purposes for which the data was collected, used, shared, or sold (e.g., for service delivery, marketing, or analytics).
▪ The categories of third parties with whom the data was shared or sold (e.g., advertising partners, service providers).
○ You may submit this request up to twice a year.
2. Right to Delete:
○ You have the right to request the deletion of your personal data that we have collected or maintain. However, there are certain exceptions where we may retain your data, such as:
▪ To complete a transaction or provide a service you requested (e.g., processing a purchase or delivering a subscription).
▪ To detect security incidents, protect against malicious or illegal activity, or prosecute those responsible.
▪ To comply with legal obligations or exercise legal rights (e.g., tax reporting or responding to legal requests).
3. Right to Opt-Out of Sale:
○ You have the right to direct us not to sell your personal data to third parties. If you opt out, we will cease selling your data unless you later provide explicit consent to resume such sales.
4. Right to Opt-Out of Targeted Advertising:
○ You have the right to opt out of the use of your personal data for targeted advertising. This means we will not use your data to deliver advertisements tailored to your interests or behavior across different websites, apps, or services.
5. Right to Non-Discrimination:
○ You have the right to exercise your privacy rights without facing discrimination. We will not deny you goods or services, charge you different prices, or provide a different level or quality of services solely because you exercised your rights under the CCPA.
(B) Brazilian General Data Protection Law (LGPD)
If you are in Brazil, you have the following rights:
1. Right to Access:
○ You may request information about the personal data we hold about you, including the purposes of processing, categories of data, and recipients of the data.
2. Right to Correction:
○ If your data is inaccurate, incomplete, or outdated, you may request corrections or updates to ensure its accuracy.
3. Right to Erasure:
○ You may request the deletion of your personal data from our systems, where legally permitted. This applies when the data is no longer necessary for the purposes for which it was collected or when you withdraw your consent.
4. Right to Information:
○ You may inquire about the organizations with whom we share your data, the reasons for sharing, and the scope of such sharing.
5. Right to Revoke Consent:
○ You may withdraw your consent for specific data processing activities at any time. This withdrawal will not affect the lawfulness of processing conducted prior to your withdrawal.
6. Right to Object:
○ You may object to the processing of your personal information if it is based on legitimate interests. We will cease processing unless we can demonstrate compelling legitimate grounds that override your interests.
7. Right to Data Transfer:
○ You may request that we transfer your personal data to you or a third party of your choice in a structured, commonly used, and machine-readable format.
8. Right to File a Complaint:
○ If you believe your data protection rights have been violated, you may file a complaint with the National Data Protection Authority (ANPD).
(C) Virginia Consumer Data Protection Act (VCDPA)
If you are a Virginia resident, you have the following rights:
1. Right to Opt-Out of Targeted Advertising:
○ You may opt out of the use of your personal data for targeted advertising. This includes displaying ads to you based on your personal data collected across non-affiliated websites or applications.
2. Right to Opt-Out of Sale:
○ You may opt out of the sale of your personal data to third parties. Under the VCDPA, "sale" is defined as the exchange of personal data for monetary or other valuable consideration.
3. Right to Opt-Out of Profiling:
○ You may opt out of profiling that supports decisions producing legal or similarly significant consequences for you. Profiling refers to the automated processing of personal data to evaluate, analyze, or predict certain aspects of your behavior, health, or preferences.
4. Right to Access, Correct, and Delete:
○ You may request access to the personal data we hold about you, including the categories of data collected, the purposes of processing, and the third parties with whom the data has been shared.
○ You may request corrections to inaccurate or incomplete data.
○ You may request the deletion of your personal data, unless we are required by law or legitimate business purposes to retain it.
5. Right to Appeal:
○ If we deny your request, you have the right to appeal our decision. We will review your appeal and provide a written response within a reasonable time.
(D) General Data Protection Regulation (GDPR)
If you are in the European Union, you have the following rights:
1. Right of Access:
○ You may request access to your personal data and obtain details about its processing, including the purposes of processing, categories of data, recipients of the data, and the retention period.
2. Right to Rectification:
○ You may request corrections to inaccurate or incomplete personal data without undue delay.
3. Right to Erasure:
○ You may request the deletion of your personal data, particularly when:
▪ The data is no longer necessary for the purposes for which it was collected.
▪ You withdraw your consent, and there is no other legal basis for processing.
▪ You object to the processing, and there are no overriding legitimate grounds for continuing it.
▪ The data has been unlawfully processed.
4. Right to Restrict Processing:
○ You may request the restriction of processing of your personal data, particularly when:
▪ You contest the accuracy of the data, and we need time to verify it.
▪ The processing is unlawful, but you do not want the data erased.
▪ We no longer need the data, but you require it for legal claims.
5. Right to Data Portability:
○ You may receive your personal data in a structured, commonly used, and machine-readable format and transfer it to another controller.
6. Right to Object:
○ You may object to the processing of your personal data based on legitimate interests or public interest, including for direct marketing purposes.
7. Right to Withdraw Consent:
○ You may withdraw your consent for data processing at any time. This withdrawal will not affect the lawfulness of processing conducted prior to your withdrawal.
8. Right to Lodge a Complaint:
○ If you believe your data rights have been violated, you may file a complaint with your local data protection authority.
How to Exercise Your Rights
To exercise any of the rights outlined above, please contact us at alphacueanimalcare@gmail.com. We will respond to your request within the timeframe required by the applicable law, typically within 30 to 45 days. If additional time is needed, we will notify you and provide an explanation.
BioYa is dedicated to protecting your privacy and ensuring transparency in our data practices. For further details or assistance, please reach out to us via the provided contact information.
XI. Updates to This Privacy Policy
We reserve the right to modify this privacy policy periodically to reflect changes in our practices or legal obligations. Any updates that may impact your rights will be communicated clearly and transparently. We will not diminish your rights without obtaining your explicit consent. For significant changes, we will provide prominent notifications through in-app alerts, pop-up messages, or other effective means.
XII. Data Protection Officer (DPO)
If you have questions, concerns, or requests related to the processing of your personal data, or if you wish to learn more about your privacy rights, you may contact our Data Protection Officer (DPO), Evelyn Carter, at alphacueanimalcare@gmail.com. Our DPO is dedicated to addressing your inquiries and ensuring compliance with applicable data protection laws.
XIII. Controller Information
BioYa acts as the data controller responsible for managing your personal information in connection with our services. If you have any questions or concerns regarding the handling of your personal data, please reach out to us using the following contact details:
• Email: alphacueanimalcare@gmail.com
• Address: 212/1, West Monipur, Mirpur-2, Dhaka-1216, Bangladesh (BD)
XIV. Contact Us
For any questions, comments, or suggestions regarding this privacy policy, you may contact us through the following methods:
• Use the customer service feature within the BioYa application.
• Send an email to our service mailbox at alphacueanimalcare@gmail.com.
We strive to respond to all inquiries within 15 days of receipt. Your feedback is important to us, and we are committed to addressing your concerns promptly and effectively.